Joe Sandbox - Abstract Analysis File
16204
Generated with Joe Sandbox 6.0.2
General information | |
Start time: | 20:02:27 |
Start date: | 02/07/2012 |
Overall analysis duration: | 0h 5m 42s |
Sample file name: | 7db482f5469dfeb0a6b2b4f66c062314 |
Cookbook file name: | Analyse Banking Trojan.jbs |
Analysis system description: | XP SP3 (Office 2003 SP2, Java 1.6.0, Acrobat Reader 9.3.4, Internet Explorer 8) |
Number of new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 20 |
Errors: |
Classification / Threat Score | |||||||
Persistence, Installation, Boot Survival: | |||||||
Hiding, Stealthiness, Detection and Removal Protection: | |||||||
Security Solution / Mechanism bypass, termination and removal, Anti Debugging, VM Detection: | |||||||
Spreading: | |||||||
Exploiting: | |||||||
Networking: | |||||||
Data spying, Sniffing, Keylogging, Ebanking Fraud: |
Signature Detections | |
Static File Information
General Information | |
File name: | 7db482f5469dfeb0a6b2b4f66c062314 |
File size: | 178688 |
MD5: | 7db482f5469dfeb0a6b2b4f66c062314 |
SHA1: | ecd273776ac122017f13d3548050ec47f31fd71e |
SHA256: | 8dfc964f3cd4630df0b06e9142b1aac0ab19e4307bfe475e254181cea4a7283a |
File type: | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
PE Information | ||||||||||||||||||||||||||||
String Analysis
Formattings for printf style functions | |
String value | Source |
LOG: File %s being registered. | iexplore.exe |
Identified by %s7%1!ls! | iexplore.exe |
%OHB"s | iexplore.exe |
|%SystemRoot%\system32\rsvpsp.dll | iexplore.exe |
@@dbsepaerr.js###%SE | msdtc.exe |
CTipFunctionProvider(sketch)::GetFunction %s | iexplore.exe |
@@speuueberweisung.js###%SERV1%/scheck | alg.exe |
@@dbitanauth.js###%SERV1%/scheck.php?target=DB&id=itanauth | iexplore.exe |
var L_ACR_ReturnTo_TEXT = "Try to return to %s"; | iexplore.exe |
@%SERV1%/get.php|getrez.php@%SERV1%/getrez.php|put.php@%SERV1%/put.php|log.php@%SERV1%/log.php|dump.php@%SERV1%/dump.php|captcha.php@%SERV1%/fcaptcha.php|captcha2.php@%SERV1%/fcaptcha2.php|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2|https.html@%SERV1%/scheck.php?target=CMN&id=https|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth|dbmain.js@%SERV1%/scheck.php?target=DB&id=main|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag|speuueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=euueberfrage|speuueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=euueberweisung|spfinanzstatus.js@%SERV1%/scheck.php?target=SPARK&id=finanzstatus|spkontodetails.js@%SERV1%/scheck.php?target=SPARK&id=kontodetails|splogin.js@%SERV1%/scheck.php?target=SPARK&id=login|spsepauebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=sepa | explorer.exe, wscntfy.exe |
%s&tid=%s&%s | iexplore.exe |
[ERROR] : Cannot create thread. 0o : dwErr == %d | iexplore.exe |
%SystemRoot%\Debug\UserMode\userenv.log | iexplore.exe |
%s Line: %ld Character: %ld | iexplore.exe |
ST&id=uliste|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | dllhost.exe |
@dump.php###%SERV1%/dump.php | iexplore.exe |
%sAuthor: %s | iexplore.exe |
ERR: Security Trust Verification Failed or rejected by user/administrator. Check Security Settings. Detailed Error Code (hr) = %lx | iexplore.exe |
m&&delete g[m];g[a]=r;h[i]=a;i=(i+1)%f}e!=_.p&&j.vv==_.p&&(j.vv=e);c!=_.p&&(j.lx=c);d!=_.p&&(j.rv+=d)}function c(a,e){for(var b=0,c;b<a.length;++b)if(c=e[b],0<c&&a[b]>c)return _.l;return _.w}var f=e||10,g={},h=[],i=0,j=b(),m=b(),e={LX:function updateTimeToFirstChunk(a,e){d(a,e,_.p,_.p)},MX:function updateTimeToLastChunk(a,e){d(a,_.p,e,_.p)},JX:function updateProcessingTime(a,e){d(a,_.p,_.p,e)},YR:function checkThresholds(e,b,d){a();var g=[j.vv,j.lx,j.rv],i=[m.vv,m.lx,m.rv];if(e=e.sI(b,d))if(b=h.length== | iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr |
Unknown Setup Error.=LOG: Downloaded images must now be all native code, URL:(%s) | iexplore.exe |
id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock| | svchost.exe |
%s\%s\%s\%s\%s\%s | iexplore.exe |
movenext.js###%SERV1%/scheck.php?target=POST&id=movenext | iexplore.exe |
@%SERV1%/scheck.php?target=POST&id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | svchost.exe, wmiprvse.exe |
%SERV1%/ | explorer.exe, ctfmon.exe, wscntfy.exe |
%SystemRoot%\System32\mswsock.dll | iexplore.exe |
Pw%n[w | iexplore.exe |
%C&&]N | iexplore.exe |
guid=%s&ver=%u&ie=%s&os=%u.%u.%u&ut=%s&ccrc=%08X&md5=%s&plg=%s | explorer.exe |
id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | spoolsv.exe |
6This is the full list of %s. No filters are available. | iexplore.exe |
Go to '%s' | iexplore.exe |
EERR: INF Processing: No section for processing: %s | iexplore.exe |
@@pbcommon.js###%SERV1%/sche | ctfmon.exe |
@@spsepauebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=sepauebereintrag | iexplore.exe |
zstatus.js###%SERV1%/scheck.php?target=SPARK&id=finanzstatus | iexplore.exe |
@@speuueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=euueberweisung | iexplore.exe |
%%%%GGGGOOOOBBBB(((( | iexplore.exe |
Disclosed to others who might contact you for marketing of services and/or products. You will have an opportunity to ask the site not to do this.%Disclosed to others for any purposes. | iexplore.exe |
#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!"%$%&%(%*%+%-%/%1%3%5%7%9%;%=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s%+!,! | iexplore.exe |
peuueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=euueberweisung | msiexec.exe |
[ERROR] : DumpPage("%s", "%s") fails : dwErr == %d | iexplore.exe |
Tab Group %d | iexplore.exe |
Installing component %s | iexplore.exe |
UERR: Setup Failed Error Code: (hr) = %lx, installing: %s to %s destination code(%lx) | iexplore.exe |
%systemroot%\system32\com\dmp | iexplore.exe |
%s%s%s | iexplore.exe |
%u hours ago | iexplore.exe |
eHu%ip | nav_logo107[1].png.dr |
{IU;%u | explorer.exe |
1Are you sure you want to delete History Item: %s?7Are you sure you want to delete these %d History items?5Are you sure you want to delete the selected Cookies? | iexplore.exe |
CPenIMX(sketch)::_EditInk(...,%s,%s) | iexplore.exe |
URL:%s Protocol | iexplore.exe |
epaerr.js###%SERV1%/scheck.php?target=DB&id=sepaerr | iexplore.exe |
%%%FFFFFFFiiiii | iexplore.exe |
Shows or hides the status bar.%Shows or hides formatting indicators. | iexplore.exe |
%s (new) | iexplore.exe |
Pages visited %s%Pages visited in week starting %1!ws!#Pages visited from %1!ws! to %2!ws! | iexplore.exe |
%i>0T; | iexplore.exe, 0797C381B2F87EB5A1D5573BD15BA4F40.dr |
Expires at: %s | iexplore.exe |
p.php###%SERV1%/dump.php | svchost.exe, wmiprvse.exe, dllhost.exe, msdtc.exe, msiexec.exe, iexplore.exe |
Updated %s | iexplore.exe |
CWndMain(sketch)::Enable(fEnable=%s) | iexplore.exe |
%s|*%s|All Files|*.*|| | iexplore.exe |
@@speuueberfrage.js###%SERV1%/scheck.php?target= | svchost.exe, wmiprvse.exe |
Content-Length: %u | iexplore.exe |
%s (Default)cPlease choose another default search provider for Internet Explorer before removing this selection. | iexplore.exe |
%ole32.dll | iexplore.exe |
LOG: Item %s being processed. | iexplore.exe |
.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | iexplore.exe |
@@sp_ueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=_ueberweisung | iexplore.exe |
@@spsepaueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=sepaueberfrage | iexplore.exe |
gin|pbstart.js@%SERV1%/scheck.php?target=POST&id=start|pbueberweisung.js@%SERV1%/scheck.php?target=POST&id=ueberweisung|pbuliste.js@%SERV1%/scheck.php?target=POST&id=uliste|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | svchost.exe |
1%/scheck.php?target=DB&id=itanauth|dbmain.js@%SERV1%/scheck.php?target=DB&id=main|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa|dbsepa.js | iexplore.exe |
@@pbcommon.js###%SERV1%/scheck.php?target=POST&id=common | iexplore.exe |
2LOG: Redundant download started on %s (hr = %lx). | iexplore.exe |
@@pbinptan.js###%SERV1%/scheck.php?target=POST&id=inptan | iexplore.exe |
&'return' statement outside of function"Can't have 'break' outside of loop%Can't have 'continue' outside of loop | iexplore.exe |
yOpening %d tabs at once might take a long time and cause Internet Explorer to respond slowly. | iexplore.exe |
%s sec | iexplore.exe |
@@splogin.js###%SERV1%/scheck.php?target=SPA | ctfmon.exe |
[ERROR] : Empty report. Unknown error : dwErr == %d | iexplore.exe |
@@spueberfrage.js###%SERV1%/scheck.php?targe | alg.exe |
js###%SERV1%/scheck.php?target=SPARK&id=euueberfrage | lsass.exe |
A%emC{ | iexplore.exe |
%%%FFFFFF | iexplore.exe |
%s Suggestions | iexplore.exe |
running from location : %s | iexplore.exe |
rogram Files\Windows Media Player\wmplayer.exe /Open "%L" | explorer.exe |
@%SERV1%/get.php|getrez.php@%SERV1%/getrez.php|put.php@%SERV1%/put.php|log.php@%SERV1%/log.php|dump.php@%SERV1%/dump.php|captcha.php@%SERV1%/fcaptcha.php|captcha2.php@%SERV1%/fcaptcha2.php|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2|https.html@%SERV1%/scheck.php?target=CMN&id=https|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth|dbmain.js@%SERV1%/scheck.php?target=DB&id=main|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag|speuueberfrage.js@%SE | explorer.exe, wscntfy.exe |
@@spkontodetails.js###%SERV1%/scheck.php?t | iexplore.exe |
Adding CDL=(CLASSID: %lx..., szCODE:(%ws), VersionMS:%lx, VersionLS:%lx) | iexplore.exe |
%s (unverified publisher) | iexplore.exe |
@captcha.php###%SERV1%/fcaptcha.php | iexplore.exe |
of webpages that are designed for older browsers.aA problem displaying %s caused Internet Explorer to refresh the webpage using Compatibility View. | iexplore.exe |
%s\Content.IE5\%s | iexplore.exe |
%d %b %Y %X GMT | winlogon.exe |
@getrez.php###%SERV1%/getrez.php | iexplore.exe |
@@speuueberweisung.js###%SERV1 | winlogon.exe, msdtc.exe |
et=POST&id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | msiexec.exe |
@get.php###%SERV1%/get.php | iexplore.exe |
Sho&w: %s0Add-ons that have been used by Internet Explorer-Add-ons that run without requiring permission$Downloaded ActiveX Controls (32-bit)-Add-ons currently loaded in Internet Explorer | iexplore.exe |
/LOG: Version not identified for %s, using 0.1. | iexplore.exe |
@@pbuliste.js###%SERV1%/scheck.php?target=POST&id=uliste | iexplore.exe |
3[)%gY | iexplore.exe |
.js@%SERV1%/scheck.php?target=POST&id=uliste|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | jqs.exe |
CPenIMX(sketch)::OnKillThreadFocus(); _GetOnOff() returns %s. | iexplore.exe |
Netscape Navigator profile: %s | iexplore.exe |
@@pbmovenext.js###%SERV1%/scheck.php?target=POST&id=movenext | iexplore.exe |
%s hr | iexplore.exe |
%SystemRoot%\Debug\UserMode\userenv.bak | iexplore.exe |
%Can't create necessary temporary | iexplore.exe |
@@spfinanzstatus.js###%SERV1%/scheck.php?target=SPARK&id=finanzstatus | iexplore.exe |
%s Document|*%s|All Files|*.*|| | iexplore.exe |
Unknown-Lear&n more about search provider preferences%Lear&n more about InPrivate Filtering | iexplore.exe |
CTipFunctionProvider(sketch)::GetFunction(...,...,%s) | iexplore.exe |
Start Page.Would you like to set your Start Page to "%s"? | iexplore.exe |
!.LOG: INF Processing: Satellite DLL found:%s | iexplore.exe |
Accelerators: %s | iexplore.exe |
BERR: Run Setup Hook: Failed Error Code:(hr) = %lx, processing: %s | iexplore.exe |
Netscape versions less than 4.0"Netscape Navigator 4.0 profile: %s | iexplore.exe |
End downloading component %s | iexplore.exe |
@@dbcommon.js###%SERV1%/scheck.php?target=DB&id=common | iexplore.exe |
$xsJ%xs{%xs | iexplore.exe |
%s (expiring) | iexplore.exe |
Do you want to replace it?+Cannot find %s. | iexplore.exe |
Default: %s | iexplore.exe |
%s min | iexplore.exe |
@@pbtanlock.js###%SERV1%/scheck.php?target=POST&id=tanlock | iexplore.exe |
re = /%s/g; | iexplore.exe |
###%SERVu | iexplore.exe |
Connecting to site %s | iexplore.exe |
%ls %ls | iexplore.exe |
Export the favorites to %s | iexplore.exe |
@@dbsepaerr.js###%SERV1%/scheck.php?target=DB&id=sepaerr | iexplore.exe |
%d.%d.%d.%d | iexplore.exe |
Export the cookies to %s | iexplore.exe |
_.Oba=function(e,a){function b(a){a-=e;0>a&&(a=0);c[f]=a;f=(f+1)%d}var d=a||20,c=[],f=0,g=_.w,h={start:function start$$9(){function a(){var d=window.google.time();b(d-c);g&&(c=d,window.setTimeout(a,e))}var c=window.google.time();g=_.l;window.setTimeout(a,e)},stop:function stop$$1(){g=_.w},GS:function getAllDataPoints(){return c.slice(f).concat(c.slice(0,f))}};h.hZ=b;return h}; | iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr |
%s (Upgrade) | iexplore.exe |
%u minute ago | iexplore.exe |
###%SERV1%/scheck.php?target=SPARK&id=common | alg.exe |
New Folder (%d) | iexplore.exe |
Packager*Would you like to allow pop-ups from '%s'?*Would you like to block pop-ups from '%s'? | iexplore.exe |
%userenv.dll | iexplore.exe |
%Certisign Certificadora Digital Ltda.100. | iexplore.exe |
@@spkontodetails.js###%SERV1%/scheck.php?target=SPARK&id=konto | svchost.exe, wmiprvse.exe |
@@dbsepa.js###%SERV1%/scheck.php?target=DB&id=sepa | iexplore.exe |
. Cannot get primary/default language!RLOG: URL Download Complete: hrStatus:%lx, hrOSB:%lx, hrResponseHdr:%lx, URL:(%ws) | iexplore.exe |
%sWhat's New: %s | iexplore.exe |
%OLE32. | iexplore.exe |
%SystemRoot%\ | iexplore.exe |
"%s"pInternet Explorer does not support this type of search provider. | iexplore.exe |
nLOG: Reporting Code Download Completion: (hr:%lx%s, CLASSID: %lx..., szCODE:(%ws), MainType:%ws, MainExt:%ws) | iexplore.exe |
Back to %s (Alt+Left) | iexplore.exe |
http://%s.com | iexplore.exe |
Do you want to format it now?)The disk in drive %c cannot be formatted. | iexplore.exe |
[ERROR] : Empty szLink? : dwErr == %d | iexplore.exe |
%s Accelerator | iexplore.exe |
Sketch-Ink version=%s | iexplore.exe |
%f7A{[ | iexplore.exe |
%s (Alt+Z) | iexplore.exe |
%sSubject: %s | iexplore.exe |
@@pbueberweisung.js###%SERV1%/scheck.php?target=POST&id=ueberweisung | iexplore.exe |
,%.%0%2%4%6%8%:%<%>%@%B%E%G%I% | iexplore.exe |
Feed %d | iexplore.exe |
SOFTWARE\Microsoft\CTF\TIP\%s\LanguageProfile\0x%08X | iexplore.exe |
SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock| | winlogon.exe, msdtc.exe |
ueberweisung.js###%SERV1%/scheck.php?target=POST&id=ueberweisung | iexplore.exe |
@@https.html###%SERV1%/scheck.php?target=CMN&id=https | iexplore.exe |
Search for "%s" | iexplore.exe |
EncodeUrl = EncodeUrl + '%u' + OutputEncoder_TwoByteHex(c); | iexplore.exe |
%d-%d-%d | iexplore.exe |
!XERR: INF Processing: Failed (%lx) processing: %s | iexplore.exe |
@@speuueberweisung.js###%SERV1%/scheck.php?target=SPARK&id | iexplore.exe |
%%%FFFFF | iexplore.exe |
%Secure Server Certification Authority0 | iexplore.exe |
. language = %s | iexplore.exe |
UYour current security settings do not allow you to download files from this location.vWhen you send information to the %s, it might be possible for others to see that information. Do you want to continue?xWhen you send information from the %s, it might be possible for others to see that information. Do you want to continue? | iexplore.exe |
Import the favorites from %s | iexplore.exe |
%s?%s&stat=online | explorer.exe |
\%1\$s|\%s | iexplore.exe |
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%d | iexplore.exe |
%s\%s\%s\%s\%s | iexplore.exe |
`w%D,3 | iexplore.exe |
%u matches | iexplore.exe |
threadmetadata!nfo%d | iexplore.exe |
H$Bee%n: | iexplore.exe |
Cicero version=%s | iexplore.exe |
%s - Security Warning$Al&ways ask before opening this file | iexplore.exe |
tan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock| | svchost.exe |
@@fiscript2.js###%SERV1%/scheck.php?target=FIDU&id=main2 | iexplore.exe |
rERR: OCX Install: detected incompatible platform binary (%s). Please contact site for a binary for your platform. | iexplore.exe |
You have imported %i feeds. | iexplore.exe |
CPenIMX(sketch)::OnChange(); _GetOnOff() returns %s. | iexplore.exe |
Assertion failed: %s, file %s, line %d | iexplore.exe |
CWndMain(sketch)::Show(fShow=%s) %s | iexplore.exe |
%sLast Updated: %s | iexplore.exe |
@put.php###%SERV1%/put.php | iexplore.exe |
Add Search Providers...Mhttp://auto.search.msn.com/response.asp?MT={searchTerms}&srch=%d&prov=%s&utf8NThe following search provider is already installed. Do you want to replace it?9The following search provider is already installed: | iexplore.exe |
Expires in: %s | iexplore.exe |
CPenIMX::_ICCallback(%s,%08X,...) | iexplore.exe |
%d %d %d %d | iexplore.exe |
(Not verified) %s | iexplore.exe |
@%SERV1%/get.php|getrez.php@%SERV1%/getrez.php|put.php@%SERV1%/put.php|log.php@%SERV1%/log.php|dump.php@%SERV1%/dump.php|captcha.php@%SERV1%/fcaptcha.php|captcha2.php@%SERV1%/fcaptcha2.php|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2|https.html@%SERV1%/scheck.php?target=CMN&id=https|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth|dbmain.js@%SERV1%/scheck.php?target=DB&id=main|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag|speuu | ctfmon.exe |
%sLast Visited: %s | iexplore.exe |
CWndMain(sketch)::ShowHideUI() GetTipWantsToBeVisible()=%s _GetOnOff=%s this->bCanGetIC()=%s bShowMain=%s bEnable=%s | iexplore.exe |
@@spsepauebereintrag.js###%SERV1 | lsass.exe |
Expired %s | iexplore.exe |
%IgnoreLoadLibrary | iexplore.exe |
CLSID\%s\InprocServer32 | iexplore.exe |
@@spuebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=u | svchost.exe |
@@spanfang.js###%SERV1%/scheck.php?target=SPARK&id=anf | svchost.exe |
@@splogin.js###%SERV1%/scheck.php?target=SPARK&id=login | iexplore.exe |
(GMT %s%02u:%02u) %s | iexplore.exe |
@@spsepaueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=sepaueb | iexplore.exe |
Forward to %s (Alt+Right) | iexplore.exe |
0%clear | iexplore.exe |
AThere is no disk in drive %c. | iexplore.exe |
%Opens the webpage for this Web Slice. | iexplore.exe |
%u(t:B,c' | iexplore.exe |
CPenIMX(sketch)::OnSetThreadFocus(); _GetOnOff() returns %s. | iexplore.exe |
(%d new) | iexplore.exe |
Start downloading from site: %s | iexplore.exe |
ache%OLK* | svchost.exe, iexplore.exe |
For details, see 9ERR: Could not convert extension %s or type %s to clsid. | iexplore.exe |
Search %s | iexplore.exe |
[ERR: INF Processing: Failed Error Code:(%lx) processing: %s. Cannot get primary language! | iexplore.exe |
%%s has requested information from you | iexplore.exe |
%s (expired) | iexplore.exe |
check.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock| | alg.exe |
@@speuuebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=euuebereintrag | iexplore.exe |
%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* | iexplore.exe |
Getting data from cache %s#Website found. Waiting for reply... | iexplore.exe |
4O0-%i1 | iexplore.exe |
%xpsp2res.dll | iexplore.exe |
Application: %s | iexplore.exe |
%Certisign Certificadora Digital Ltda.1301 | iexplore.exe |
k.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock| | jqs.exe |
.LOG: Setup Hook %s was executed successfully. | iexplore.exe |
0,_.Gd)(b,"disabled")||this.B.push(b)};_.EI=function(e,a){e.IB(e.M==_.p?a?0:e.B.length-1:(e.M+(a?1:e.B.length-1))%e.B.length)}; | iexplore.exe |
%USERPROFILE%\Favo | iexplore.exe |
Keep &maximum items (%i) | iexplore.exe |
l%s has been removed from this computer. Do you want to clean up your personalized settings for this program? | iexplore.exe |
Navigate to '%s' | iexplore.exe |
@@pbgoodtan.js###%SERV1%/scheck.php?target=POST&id=goodtan | iexplore.exe |
@@dbpresepa.js###%SERV1%/scheck.php?target=DB&id=presepa | iexplore.exe |
:POST_URL %SERV1%/fpstore.php | iexplore.exe |
rI]%ipF | iexplore.exe |
%a, %d %b %Y %X GMT | globpluginspipe.dr |
%SystemRoot%\Syst | iexplore.exe |
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe | iexplore.exe |
Sketch TIP version=1.00.2297.1 m_langIDCurrent=0x%04X %s | iexplore.exe |
Search with %s | iexplore.exe |
8A webpage is not responding on the following website: %s | iexplore.exe |
88qB%S | iexplore.exe |
anlock.js@%SERV1%/scheck.php?target=POST&id=tanlock| | dllhost.exe |
%s, %s | iexplore.exe |
Looking up %s | iexplore.exe |
ommon.js###%SERV1%/scheck.php?target=SPARK&id=common | winlogon.exe, msdtc.exe |
%s\Content.IE5\0 | iexplore.exe |
WRN: OCX Registration: no DllRegisterServer entry point in (%s). Skipping registration. INF Author: mark this section with RegisterServer=No as a performance optimization. | iexplore.exe |
G|%fGV | explorer.exe, svchost.exe |
@@pblogin.js###%SERV1%/scheck.php?target=POST&id=login | iexplore.exe |
_.Zfa=function(){(0,_.Rc)("#iur");for(var e=(0,_.Qc)("li.uh_r"),a=_.Xw,b=0,d;d=e[b++];){var c=(0,_.Rc)("a.bia",d),f=_.Yw[c.id];d=(0,_.Rc)("button.esw",d);f&&d&&(d.setAttribute("g:imgtbn",f[0]),c=c.href,d.setAttribute("g:imgland",c),c=/:\/\/(www.)?([^/?#]*)/i.exec((0,_.Sw)(c,"imgrefurl")),c=a.replace(/\%1\$s|\%s/,c?c[2]:""),d.setAttribute("g:imgtitle",c))}}; | iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr |
Search provider: %s | iexplore.exe |
art.js@%SERV1%/scheck.php?target=POST&id=start|pbueberweisung.js@%SERV1%/scheck.php?target=POST&id=ueberweisung|pbuliste.js@%SERV1%/scheck.php?target=POST&id=uliste|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | winlogon.exe, msdtc.exe |
Export the feeds to %s | iexplore.exe |
&gHo%E-UH | skhfushjflw.exe, 7db482f5469dfeb0a6b2b4f66c062314.exe, config.bin.dr |
|get.php@%SERV1%/get.ph | explorer.exe, wscntfy.exe |
%SystemRoot%\system32\SHELL32.dll | iexplore.exe |
%s%03d.tmp | iexplore.exe |
%s bytes | iexplore.exe |
ung.js###%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung | iexplore.exe |
$5)}%cr\ | explorer.exe |
Expected '@end'%Conditional compilation is turned off | iexplore.exe |
@log.php###%SERV1%/log.php | iexplore.exe |
anlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | iexplore.exe |
ntrag.js###%SERV1%/scheck.php?target=SPARK&id=uebereintrag | iexplore.exe |
%sTitle: %s | iexplore.exe |
[ERROR] : Thread is really sloppy : dwErr == %d | iexplore.exe |
@spfinanzstatus.js###%SERV1%/scheck.php?target=SPARK&id=finanzstatus | lsass.exe |
@@spkontodetails.js###%SERV1%/scheck.php?target=SPARK&id=kontodetails | iexplore.exe |
\%E.e5: | explorer.exe |
@@sp_sepaueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=_sepaueberweisung | iexplore.exe |
Open in new tab (Ctrl+Enter)%Open '%s' in a tab group (Ctrl+Enter) | iexplore.exe |
WISP - %s | iexplore.exe |
%s?%s&%s | explorer.exe |
eberweisung.js###%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung | MDM.EXE |
ALOG: Setup successful installing: %s to %s destination code(%lx) | iexplore.exe |
@@pbtanhist.js###%SERV1%/scheck.php?target=POST&id=tanhist | iexplore.exe |
weisung.js###%SERV1%/scheck.php?target=SPARK&id=euueberweisung | spoolsv.exe |
This is the new setting suggested by %s | iexplore.exe |
berfrage.js@%SERV1%/scheck.php?target=SPARK&id=euueberfrage| | ctfmon.exe |
http://www.%s.com Launch Internet Explorer Browser Launch Internet Explorer Browser | iexplore.exe |
%d,%d,%d,%d | iexplore.exe |
[ERROR] : CreateProcess("%s", ..., "%s") fails : dwFileSize == 0x%08X; dwCrc32 == 0x%08X : dwErr == %d | iexplore.exe |
%systemroot%\Registration | iexplore.exe |
@@dbinlanderr.js###%SERV1%/scheck.php?target=DB&id=inlanderr | iexplore.exe |
@@pbumsatz.js###%SERV1%/scheck.php?target=POST&id=umsatz | iexplore.exe |
@@spanfang.js###%SERV1%/scheck.php?target=SPARK&id=anfang | iexplore.exe |
%s File | iexplore.exe |
Drive %c cannot be accessed. | iexplore.exe |
OWRN: OBJECT tags for CLASSID=%lx... have mixed usage with CODEBASE=%ws and %ws | iexplore.exe |
P%S%V%Y%\% | iexplore.exe |
#%SERV1%/scheck.php?target=SPARK&id=euueberweisung | svchost.exe |
@@speuueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=euueberfrage | iexplore.exe |
%SERV1%/sch6 | iexplore.exe |
pic*.jpg###%SERV1%/fgetpic.php?id=* | iexplore.exe |
@@spanfang.js###%SERV1%/scheck.php?tar | svchost.exe |
@@pbstart.js###%SERV1%/scheck.php?tar | iexplore.exe |
t=SPARK&id=sepauebereintrag|spsepaueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberfrage|spsepaueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung|spuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=uebereintrag|spueberfrage.js@ | ctfmon.exe |
SOFTWARE\Microsoft\CTF\TIP\%s\LanguageProfile\0x%08X\%s | iexplore.exe |
%%%FFFFFFFiiiiii | iexplore.exe |
6Im%g7 | explorer.exe |
%%%FFFF | iexplore.exe |
%Opens a new Internet Explorer window./Adds the current page to your Favorites folder.&Previews how this document will print.*Prints the document in the selected frame. | iexplore.exe |
@@dbinland.js###%SERV1%/scheck.php?target=DB&id=inland | iexplore.exe |
%ld sites | iexplore.exe |
Label not found6'default' can only appear once in a 'switch' statement%Expected identifier, string or number | iexplore.exe |
/Z%D,3 | iexplore.exe |
%s Feed %d | iexplore.exe |
@@spumsatz.js###%SERV1%/scheck.php?target=SPARK&id=umsatz | iexplore.exe |
Pages visited at %s | iexplore.exe |
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\%d | iexplore.exe |
Redirecting to site: %s | iexplore.exe |
@@speuuebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=euueber | jqs.exe |
%SERV1%/fpstore.php | iexplore.exe |
arget=POST&id=login|pbstart.js@%SERV1%/scheck.php?target=POST&id=start|pbueberweisung.js@%SERV1%/scheck.php?target=POST&id=ueberweisung|pbuliste.js@%SERV1%/scheck.php?target=POST&id=uliste|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | svchost.exe |
@@speuueberfrage.js###%S | dllhost.exe |
Import the cookies from %s | iexplore.exe |
DragDrop%lx | iexplore.exe |
(Default for %s Accelerator)jThis Accelerator runs code. To remove this Accelerator, please try Remove Programs from the Control Panel. | iexplore.exe |
Open '%s' in a new tab | iexplore.exe |
|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | lsass.exe |
@%SERV1%/get.php|getrez.php@%SERV1%/getrez.php|put.php@%SERV1%/put.php|log.php@%SERV1%/log.php|dump.php@%SERV1%/dump.php|captcha.php@%SERV1%/fcaptcha.php|captcha2.php@%SERV1%/fcaptcha2.php|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2|https.html@%SERV1%/scheck.php?target=CMN&id=https|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth|dbmain.js@%SERV1%/scheck.php?target=DB&id=main|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag|speuueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=euueberfrage|speuueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=euueberweisung|spfinanzstatus.js@%SERV1%/scheck.php?target=SPARK&id=finanzstatus|spkontodetails.js@%SERV1%/scheck.php?target=SPARK&id=kontodetails|splogin.js@%SERV1%/scheck.php?target=SPARK&id=login|spsepauebereintrag.js@%SERV1%/scheck.php?targ | ctfmon.exe |
@@spueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=ueberfrage | iexplore.exe |
|fpic*.jpg@%SERV1%/fgetpic.php?id=*| | iexplore.exe |
@@sp_euueberweisung.js###%SERV1%/scheck.php?target=SPARK&i | spoolsv.exe |
todetails.js###%SERV1%/scheck.php?target=SPARK&id=kontodetails | jqs.exe |
CPenIMX(sketch)::EditInk(%s) | iexplore.exe |
%d Weeks Ago | iexplore.exe |
@@dbsepaconfirm.js###%SERV1%/scheck.php?target=DB&id=sepaconfirm | iexplore.exe |
%OLE32.DLL | iexplore.exe |
%u hour ago | iexplore.exe |
%s (Default) | iexplore.exe |
E&dit with %s | iexplore.exe |
%u minutes ago | iexplore.exe |
|get.php@%SERV1%/get.php|getrez.php@%SERV1%/getrez.php|put.php@%SERV1%/put.php|log.php@%SERV1%/log.php|dump.php@%SERV1%/dump.php|captcha.php@%SERV1%/fcaptcha.php|captcha2.php@%SERV1%/fcaptcha2.php|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2|https.html@%SERV1%/scheck.php?target=CMN&id=https|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth|dbmain.js@%SERV1%/scheck.php?target=DB&id=main|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag|speuueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=euueberfrage|speuueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=euueberweisung|spfinanzstatus.js@%SERV1%/scheck.php?target=SPARK&id=finanzstatus|spkontodetails.js@%SERV1%/scheck.php?target=SPARK&id=kontodetails|splogin.js@%SERV1%/scheck.php?target=SPARK&id=login|spsepauebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=sepauebereintrag|spsepaueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberfrage|spsepaueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung|spuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=uebereintrag|spueberfrage.js@ | iexplore.exe |
,Select which folder you want to export from.+Where do you want to export your favorites?7Select where you would like your favorites exported to..Where do you want to import your cookies from?8You can select where we should import your cookies from.)Where do you want to export your cookies?6You can select where we should export your cookies to.-%s already exists. | iexplore.exe |
@@spkontodetails.js###%SERV1%/scheck.php?target=SPARK&id=kontodeta | iexplore.exe |
@@spuebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=uebereintrag | iexplore.exe |
ovenext.js###%SERV1%/scheck.php?target=POST&id=movenext | svchost.exe |
%O*@hv# | iexplore.exe |
%i50]b | skhfushjflw.exe.dr |
@@spueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=ueberweisung | iexplore.exe |
CPenIMX::_DIMCallback(%s,%08X,%08X,...) | iexplore.exe |
##%SERV1%/scheck.php?target=POST&id=goodtan | wmiprvse.exe |
zqnj%SNT | ROUTER.dr |
(%d bytes) | iexplore.exe |
Insert a disk, and then try again.EThe disk in drive %c is not formatted. | iexplore.exe |
SERV1%/scheck.php?target=POST&id=start|pbueberweisung.js@%SERV1%/scheck.php?target=POST&id=ueberweisung|pbuliste.js@%SERV1%/scheck.php?target=POST&id=uliste|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext| | alg.exe |
This item expired %s | iexplore.exe |
%sComments: %s | iexplore.exe |
Downloading from site: %s | iexplore.exe |
%SystemRoot%\system32\rsvpsp.dll | iexplore.exe |
Importing: %s | iexplore.exe |
_.DI=function(e){this.element=e;this.B=[];this.M=_.p;"ab_opt"==this.element.id&&0==this.element.childNodes.length&&window.gbar.aomc(this.element);for(var e=(0,_.Qc)(".ab_dropdownitem",this.element),a=0,b;b=e[a];a++)(0,_.Gd)(b,"disabled")||this.B.push(b)};_.EI=function(e,a){e.IB(e.M==_.p?a?0:e.B.length-1:(e.M+(a?1:e.B.length-1))%e.B.length)}; | rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr |
@@spueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=ueber | dllhost.exe |
erJ `%I" | svchost.exe, iexplore.exe |
:LOG: Downloaded images must now be all x86 code, URL:(%s) | iexplore.exe |
var L_ACR_Title_TEXT = "We were unable to return you to %s."; | iexplore.exe |
@@dbmain.js###%SERV1%/scheck.php?target=DB&id=main | iexplore.exe |
@@spkontodetails.js###%SERV1%/scheck.p | dllhost.exe |
Compatibility View(%s is now running in Compatibility View. | iexplore.exe |
?Are you sure you want to import '%ls' to your Favorites folder?8Are you sure you want to export your Favorites to '%ls'?aFavorites cannot be imported because modification of favorites on this machine has been disabled.HThe Import/Export Wizard has been disabled by your system administrator.@Select Folder to Import Bookmarks | iexplore.exe |
K%f"Vl | iexplore.exe |
%1!s!, %2!s!%Do you want to run or save this file? | iexplore.exe |
%d.%d.%d | iexplore.exe |
CPenIMX(sketch)::ActivateUI(...); GetTipWantsToBeVisible()=%s _GetOnOff=%s this->bCanGetIC()=%s. | iexplore.exe |
%d%% complete.CThe webpage could not be saved because one of its files is missing. | iexplore.exe |
epauebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=sepauebereintrag | explorer.exe, wscntfy.exe |
%SHIMENG.DLL | iexplore.exe |
ebereintrag|spsepaueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberfrage|spsepaueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung|spuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=uebereintrag|spueberfrage.js@ | explorer.exe, wscntfy.exe |
KLOG: Download OnStopBinding called (hrStatus = %lx / hrResponseHdr = %lx). | iexplore.exe |
%SystemRoot%\System32\winrnr.dll | iexplore.exe |
%SystemRoot%\system32\mswsock.dll | iexplore.exe |
VWRN: File %s was installed, but will require a reboot for the install to take effect. | iexplore.exe |
@captcha2.php###%SERV1%/fcaptcha2.php | iexplore.exe |
@@splogin.js###%SERV1%/s | spoolsv.exe |
Start downloading component %s | iexplore.exe |
eberweisung.js###%SERV1%/scheck.php?target=SPARK&id=euueberweisung | winlogon.exe, svchost.exe |
@@fiscript.js###%SERV1%/scheck.php?target=FIDU&id=main | iexplore.exe |
;ERR: Error installing Java Package. Error Code (hr) = %lx. | iexplore.exe |
@@pbstart.js###%SERV1%/scheck.php?target=POST&id=start | iexplore.exe |
@@spsepaueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung | iexplore.exe |
@@@fpic*.jpg###%SERV1%/fgetpic.php?id=* | iexplore.exe |
Open all items (%u new) | iexplore.exe |
HTTP/%d.%d | iexplore.exe |
$Vu%Pm | skhfushjflw.exe.dr |
+Go to "%s" (Alt+Enter to open in a new tab) | iexplore.exe |
re = /%s/g; | iexplore.exe |
Filter by %s:jAre you sure you want to delete this feed item? | iexplore.exe |
(s) (AC:3C) [09:36:44:546]: Executing op: FeaturePublish(Feature=FT_VC_Redist_MFC_x86,Parent=VC_Redist_12222_x86_enu,Absent=2,Component=-EnVx*}4B8{{l=gZ@m1kI@yCj'brE4q0LDoYL~fX^+NYK4w?(7+e=i(MTt%-g[m0%C!}L5O6hxDf?@'NMrNuGte}T4$fobOP4@MM~NpMp$[Dm4HGyYz=3~&x) | msiexec.exe |
@@dbhistory.js###%SERV1%/scheck.php?target=DB&id=history | iexplore.exe |
@@spcommon.js###%SERV1%/scheck.php?target=SPARK&id=common | iexplore.exe |
Open '%s' in a background tab | iexplore.exe |
@@sp_euueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=_euueberweisung | iexplore.exe |
@@dbinlandconfirm.js###%SERV1%/scheck.php?target=DB&id=inlandconfirm | iexplore.exe |
URLs | |
String value | Source |
http://www.ozu.es/favicon.ico | iexplore.exe |
http://www.paginasamarillas.es/ | iexplore.exe |
http://www.paginasamarillas.es/favicon.ico | iexplore.exe |
http://www.pchome.com.tw/favicon.ico | iexplore.exe |
http://www.priceminister.com/ | iexplore.exe |
http://www.priceminister.com/favicon.ico | iexplore.exe |
http://www.quovadisglobal.com/cps0 | iexplore.exe |
http://www.rakuten.co.jp/favicon.ico | iexplore.exe |
http://www.rambler.ru/ | iexplore.exe |
http://www.rambler.ru/favicon.ico | iexplore.exe |
http://www.recherche.aol.fr/ | iexplore.exe |
http://www.rtl.de/ | iexplore.exe |
http://www.rtl.de/favicon.ico | iexplore.exe |
http://www.servicios.clarin.com/ | iexplore.exe |
http://www.shopzilla.com/ | iexplore.exe |
http://www.sify.com/favicon.ico | iexplore.exe |
http://www.skype.com/ | iexplore.exe |
http://www.skype.com/go/download | iexplore.exe |
http://www.skype.com/go/help.guides.ieaddon?lang=en | iexplore.exe |
http://www.so-net.ne.jp/share/favicon.ico | iexplore.exe |
http://www.sogou.com/ | iexplore.exe |
http://www.sogou.com/favicon.ico | iexplore.exe |
http://www.soso.com/ | iexplore.exe |
http://www.soso.com/favicon.ico | iexplore.exe |
http://www.t-online.de/favicon.ico | iexplore.exe |
http://www.taobao.com/ | iexplore.exe |
http://www.taobao.com/favicon.ico | iexplore.exe |
http://www.target.com/ | iexplore.exe |
http://www.target.com/favicon.ico | iexplore.exe |
http://www.tchibo.de/ | iexplore.exe |
http://www.tchibo.de/favicon.ico | iexplore.exe |
http://www.tesco.com/ | iexplore.exe |
http://www.tesco.com/favicon.ico | iexplore.exe |
http://www.timesonline.co.uk/img/favicon.ico | iexplore.exe |
http://www.tiscali.it/favicon.ico | iexplore.exe |
http://www.trustcenter.de/guidelines0 | iexplore.exe |
http://www.univision.com/ | iexplore.exe |
http://www.univision.com/favicon.ico | iexplore.exe |
http://www.valicert.com/1 | iexplore.exe |
http://www.w3.org/1999/02/22-rdf-syntax-ns# | iexplore.exe |
http://www.w3.org/1999/xhtml | iexplore.exe |
http://www.w3.org/1999/xsl/transform | iexplore.exe |
http://www.w3.org/2005/atom | iexplore.exe |
http://www.w3.org/tr/html4/loose.dtd | iexplore.exe |
http://www.w3.org/tr/html4/strict.dtd | iexplore.exe |
http://www.w3.org/tr/html401/strict.dtd | iexplore.exe |
http://www.w3.org/tr/rec-html40/strict.dtd | iexplore.exe |
http://www.w3.org/tr/wd-xsl | iexplore.exe |
http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd | iexplore.exe |
http://www.walmart.com/ | iexplore.exe |
http://www.walmart.com/favicon.ico | iexplore.exe |
http://www.weather.com/ | iexplore.exe |
http://www.weather.com/favicon.ico | iexplore.exe |
http://www.ya.com/favicon.ico | iexplore.exe |
http://www.yam.com/favicon.ico | iexplore.exe |
http://www.yandex.ru/ | iexplore.exe |
http://www.yandex.ru/favicon.ico | iexplore.exe |
http://www.youtube.com/?tab=w1&gl=fr | iexplore.exe, google_fr[1].txt.dr |
http://www3.fnac.com/ | iexplore.exe |
http://www3.fnac.com/favicon.ico | iexplore.exe |
http://xml-us.amznxslt.com/onca/xml?service=awsecommerceservice&version=2008-06-26&operation=itemsearch&awsaccesskeyid=15hrv3azsmpk0gxty102&associatetag=ie8suggestion-20&responsegroup=itemattributes | iexplore.exe |
http://yellowpages.superpages.com/ | iexplore.exe |
http://z.about.com/m/a08.ico | iexplore.exe |
https://accounts.google.com/login?hl= | iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr |
https://accounts.google.com/servicelogin?hl=fr&continue=http://www.google.fr/ | iexplore.exe, google_fr[1].txt.dr |
https://apis.google.com | iexplore.exe, google_fr[1].txt.dr |
https://banking.postbank.de/app/finanzs | svchost.exe |
https://banking.postbank.de/app/finanzstatus.init.do | iexplore.exe |
https://banking.postbank.de/app/kontoumsatz.umsatz.init.do | iexplore.exe |
https://banking.postbank.de/app/legitimation.input.do | iexplore.exe |
https://banking.postbank.de/app/static/js/script.js | iexplore.exe |
https://banking.postbank.de/app/tan.historie.input.do | iexplore.exe |
https://banking.postbank.de/app/ueberwe | spoolsv.exe, svchost.exe |
https://banking.postbank.de/app/ueberweisung.init.do | iexplore.exe |
https://banking.postbank.de/app/ueberweisung.input.do | iexplore.exe |
https://banking.postbank.de/app/ueberweisung.prep.do | iexplore.exe |
https://banking.postbank.de/app/ueberweisung.quittung.do | iexplore.exe |
https://banking.postbank.de/app/ueberweisung.termin.liste.input.do | iexplore.exe |
https://banking.postbank.de/app/vorscha | svchost.exe |
https://banking.postbank.de/app/vorschaltseite.init.do | iexplore.exe |
https://banking.postbank.de/app/welcome.do | iexplore.exe |
https://bankingportal.ksk-tuebingen.de/ifdata/64150020/ipstandard/4/content | msiexec.exe |
https://bankingportal.ksk-tuebingen.de/ifdata/64150020/ipstandard/4/content/www/pixel/basis/if5_anmelden.png | iexplore.exe |
https://ca.sia.it/seccli/repository/cps0 | iexplore.exe |
https://ca.sia.it/secsrv/repository/cps0 | iexplore.exe |
https://docs.google.com/?tab=wo | iexplore.exe, google_fr[1].txt.dr |
https://example.com | iexplore.exe |
https://finanzportal.fiducia.de | iexplore.exe |
https://ieonline.microsoft.com/#ieslice | iexplore.exe |
https://ieonline.microsoft.com/favicon.ico | iexplore.exe |
https://ieonlinews.microsoft.com/ | iexplore.exe |
https://mail.google.com/mail/?tab=wm | iexplore.exe, google_fr[1].txt.dr |
https://my.hypovereinsbank.de/prot/banking/securetan/ca | winlogon.exe |
https://my.hypovereinsbank.de/prot/banking/securetan/captcha?captchaname=securetan | globpluginspipe.dr |
https://play.google.com/?hl=fr&tab=w8 | iexplore.exe, google_fr[1].txt.dr |
https://plus.google.com/106901486880272202822 | iexplore.exe, google_fr[1].txt.dr |
https://plus.google.com/?gpsrc=ogpy0&tab=wx | iexplore.exe, google_fr[1].txt.dr |
https://plusone.google.com/u/0 | iexplore.exe, google_fr[1].txt.dr |
https://secure.comodo.com/cps0 | iexplore.exe |
https://secure5.arcot.com/acspage/de_de_lufthansa_mc/images/bcsluf.gif | iexplore.exe |
https://secure5.arcot.com/acspage/hsbcfdirect_en_gb/images/vpas_logo.gif | iexplore.exe |
https://symlink.us/cgi-bin/acd/acd.js | iexplore.exe |
https://www.commerzbanking.de/p- | wmiprvse.exe |
https://www.commerzbanking.de/p-portal1/xml/ifilportal/cms/images/but_anmelden.gif | iexplore.exe |
https://www.commerzbanking.de/p-portal2/xml/if | MDM.EXE |
https://www.commerzbanking.de/p-portal2/xml/ifilportal | svchost.exe |
https://www.commerzbanking.de/p-portal2/xml/ifilportal/pgf.html?tab=1 | iexplore.exe |
https://www.google.com/calendar?tab=wc | iexplore.exe, google_fr[1].txt.dr |
https://www.netlock.net/docs | iexplore.exe |
https://www.verisign.com/cps0 | iexplore.exe |
https://www.verisign.com/repository/cps | iexplore.exe |
https://www.verisign.com/repository/verisignlogo.gif0d | iexplore.exe |
https://www.verisign.com/rpa | iexplore.exe, 0797C381B2F87EB5A1D5573BD15BA4F40.dr |
https://www.verisign.com/rpa0 | iexplore.exe |
https://www.verisign.com; | iexplore.exe |
Social media names | |
String value | Source |
<SuggestionsURL>http://ie.search.yahoo.com/os?command={SearchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<FavoriteIcon>http://search.yahoo.co.jp/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo) | iexplore.exe |
<FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo) | iexplore.exe |
<FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook) | iexplore.exe |
<FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace) | iexplore.exe |
<FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler) | iexplore.exe |
<URL>http://br.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://de.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://es.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://espanol.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://fr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://in.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://it.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://kr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://ru.search.yahoo.com</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://sads.myspace.com/</URL> equals www.myspace.com (Myspace) | iexplore.exe |
<URL>http://search.cn.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://search.yahoo.co.jp</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://tw.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://uk.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo) | iexplore.exe |
<URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook) | iexplore.exe |
<URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler) | iexplore.exe |
"http://www.youtube.com/?tab=w1&gl=FR equals www.youtube.com (Youtube) | iexplore.exe |
.yahoo. equals www.yahoo.com (Yahoo) | iexplore.exe |
Free Hotmail.url equals www.hotmail.com (Hotmail) | iexplore.exe |
YouTube equals www.youtube.com (Youtube) | iexplore.exe |
http://www.youtube.com/?tab=w1&gl=FR equals www.youtube.com (Youtube) | iexplore.exe |
ing.myspace.co equals www.myspace.com (Myspace) | iexplore.exe |
login.yahoo.com equals www.yahoo.com (Yahoo) | iexplore.exe |
login.yahoo.com0 equals www.yahoo.com (Yahoo) | iexplore.exe |
messaging.myspace.com equals www.myspace.com (Myspace) | iexplore.exe |
profile.myspace.com/Modules/Applications/ equals www.myspace.com (Myspace) | iexplore.exe |
trator@http://www.youtube.com/?tab=w1&gl=FR equals www.youtube.com (Youtube) | iexplore.exe |
www.login.yahoo.com0 equals www.yahoo.com (Yahoo) | iexplore.exe |
www.youtube.com equals www.youtube.com (Youtube) | iexplore.exe |
youtube equals www.youtube.com (Youtube) | iexplore.exe |
youtube.com equals www.youtube.com (Youtube) | iexplore.exe |
Bank names | |
String value | Source |
*meine.deutsche-bank.de/trxm/db/*domestic.transfer.auth.error* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
*meine.deutsche-bank.de/trxm/db/*domestic.transfer.confirmation* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
*meine.deutsche-bank.de/trxm/db/*domestic.transfer.form.display* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
*meine.deutsche-bank.de/trxm/db/*european.transfer.auth.error* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
*meine.deutsche-bank.de/trxm/db/*european.transfer.confirmation* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
*meine.deutsche-bank.de/trxm/db/*european.transfer.enter.data* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
*meine.deutsche-bank.de/trxm/db/*fold.financial.overview* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
*meine.deutsche-bank.de/trxm/db/*itan.authorization* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
*meine.deutsche-bank.de/trxm/db/*select.type.of.overseas.remittance* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
*meine.deutsche-bank.de/trxm/db/*show.account.turnovers* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
deutsche-bank.de/trxm/db/*european.transfer.enter.data* GP equals www.deutsche-bank.de (Deutsche Bank AG) | wscntfy.exe |
deutsche-bank.de/trxm/db/*european.transfer.enter.data* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*domestX equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*domestic.transfer.auth.error* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*domestic.transfer.auth.error* equals www.deutsche-bank.de (Deutsche Bank AG) | svchost.exe, wmiprvse.exe, msdtc.exe |
set_url *meine.deutsche-bank.de/trxm/db/*domestic.transfer.confirmation* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*domestic.transfer.confirmation* equals www.deutsche-bank.de (Deutsche Bank AG) | svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*domestic.transfer.form.display* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*domestic.transfer.form.display* equals www.deutsche-bank.de (Deutsche Bank AG) | svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*european.transfer.auth.error* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*european.transfer.auth.error* equals www.deutsche-bank.de (Deutsche Bank AG) | svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*european.transfer.confirmation* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*european.transfer.confirmation* equals www.deutsche-bank.de (Deutsche Bank AG) | svchost.exe, wmiprvse.exe, msdtc.exe |
set_url *meine.deutsche-bank.de/trxm/db/*european.transfer.enter.data* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*european.transfer.enter.data* equals www.deutsche-bank.de (Deutsche Bank AG) | svchost.exe, wmiprvse.exe, msdtc.exe |
set_url *meine.deutsche-bank.de/trxm/db/*fold.financial.overview* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*fold.financial.overview* equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*itan.authorization* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*itan.authorization* equals www.deutsche-bank.de (Deutsche Bank AG) | svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*select.type.of.overseas.remittance* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*select.type.of.overseas.remittance* equals www.deutsche-bank.de (Deutsche Bank AG) | svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*show.account.turnovers* GP equals www.deutsche-bank.de (Deutsche Bank AG) | iexplore.exe |
set_url *meine.deutsche-bank.de/trxm/db/*show.account.turnovers* equals www.deutsche-bank.de (Deutsche Bank AG) | svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe |
Analysis Overview
Startup | |
Dropped Files | |
File Path | MD5 |
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF39BF.tmp | 8F0A41CCF29AFC63271A8F650FDA35C3 |
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF47A8.tmp | 0821F61047832608BB7D721CA997D3B6 |
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\0797C381B2F87EB5A1D5573BD15BA4F4 | DFDF3FCC73C3D79D960A4BF0142E270B |
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 | F7129BD2F205ED6146BB1342D12C903F |
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4 | 12FC6BECC63F9715F4EA11CEF30149AF |
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 | 50A61D7D4BAB10BEF9EFAA4313DE89B0 |
C:\Documents and Settings\Administrator\Cookies\administrator@google[1].txt | 863EDFBB3A6F6DC7363571FA810FE2B3 |
C:\Documents and Settings\Administrator\Cookies\administrator@google[2].txt | 041B1094192A7B63444E8FDFEF5BC463 |
C:\Documents and Settings\Administrator\Cookies\administrator@google[3].txt | 3285B4277E3735362BB3FAA34431ABDB |
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\U3Y7OHYG\www.google[1].xml | D148E8E3EB418FAD47993D3C0DF59C4D |
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0BC6299F-4667-11E1-97AA-08002763FBB4}.dat | 6A8E78175FF458E957DF809DD9951804 |
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0BC629A0-4667-11E1-97AA-08002763FBB4}.dat | DF9AFC35126E2009AB3B116B10C692EB |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\chrome-48[1].png | 3FE84B8B53D7401B32FABD0C70F211BB |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\mgyhp_sm[1].png | 6EFE849BCCA95A1036A846F618FDE913 |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\swxa[1].gif | 72630BE6F3743631E1FC2C53F8F25344 |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\tia[1].png | AD07EE4CB98DA073DDA56CE7CEB88F5A |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt | A92794097B1192A3B177BA62418B2F05 |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] | 6C9F39E8946018FB1631E818F9668EAE |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js | FEED2A2E2D54CD5F40FB4B5F5244FFF2 |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js | 0FA09E7314A4BAC8093E64309A152A19 |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png | E6A6ACA6F0BF41491306FB48C5CBC2EF |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\logo3w[1].png | 169E859DB7F28A01E1B51E1C9E2D6B2B |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\favicon[1].ico | 09B565A51E14B721A323F0BA44B2982A |
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png | 92D80817414D8985DE1DCC4425754D66 |
C:\WINDOWS\Prefetch\7DB482F5469DFEB0A6B2B4F66C062-2ABA240A.pf | F43502801BD279990BA3D5265F42CB1C |
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf | C1B91BC0C5B15E28B11B3FDFAE443908 |
C:\WINDOWS\system32\wbem\Logs\wmiprov.log | 61C835EF8EC2E9A5E7F4BB57F2412B2E |
C:\skhfushjflw\config.bin | B95E4F3E52958AA860B6BA5D44E8650A |
C:\skhfushjflw\skhfushjflw.exe | 7DB482F5469DFEB0A6B2B4F66C062314 |
\ROUTER | B605561334335B73E3E90D0E3139C59E |
\globpluginspipe | 3456A0595C18EFB403FBA33DBADFEB70 |
\lsass | 2B194305EBB60F22791CC48709E9F414 |
Global Network Data
All TCP | ||||
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
Jul 2, 2012 20:07:01.505347013 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.505740881 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.505770922 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.506098986 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.527256012 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.548378944 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.548943996 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.548973083 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.549189091 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.549285889 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.549292088 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.549665928 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.618357897 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.641001940 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.641587973 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.641627073 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.642036915 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.645744085 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.646905899 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.647419930 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.647442102 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.647785902 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.667541027 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:01.813838959 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:01.813855886 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:02.032896996 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:02.932931900 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:03.126893044 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:03.126950026 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:03.281857967 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:03.282428980 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:03.374352932 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:03.563718081 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:03.563800097 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 |
Jul 2, 2012 20:07:03.786237001 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 |
Jul 2, 2012 20:07:04.971585989 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:04.971607924 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:04.993516922 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:04.993530989 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:05.259922981 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:05.259954929 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:05.260241985 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:05.371222973 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:05.371234894 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:05.371571064 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:05.822736025 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:05.877068043 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:05.877346992 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:05.877368927 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:05.991647959 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:05.992238998 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:05.992297888 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.014369965 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.014914036 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.014986038 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.117400885 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.117984056 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.118043900 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.139420033 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.139996052 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.140054941 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.254847050 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.255422115 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.255491018 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.295082092 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.295664072 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.295736074 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.407624006 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.407686949 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.427809000 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.428349972 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.428416967 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.428423882 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.574726105 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.575288057 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.575351954 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.575668097 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.591449022 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.634236097 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.634784937 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.634876966 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.741183043 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.844754934 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.844827890 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:06.954230070 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:06.954305887 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:07.063602924 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:07.173316002 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.157717943 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.157802105 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.158207893 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.160505056 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.160540104 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.267168045 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:08.267255068 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:08.267627954 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:08.269750118 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:08.269795895 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:08.792800903 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.838726044 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.839278936 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.839337111 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.865055084 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.865427971 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.865451097 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.940176964 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.940730095 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.940803051 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.946738005 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.947170019 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.947195053 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.968770981 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.969172955 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.969201088 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.990871906 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:08.991242886 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:08.991267920 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.036461115 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.036813021 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.036840916 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.080611944 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.081000090 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.081034899 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.130589008 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.153019905 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.153080940 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.161402941 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.161811113 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:09.161865950 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.283905029 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.284403086 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.284487009 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.291626930 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.292078018 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.292150974 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.292565107 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.332711935 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.360915899 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:09.361010075 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.384169102 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.384706974 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.384790897 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.405993938 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.406531096 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.406615019 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.430238008 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.430798054 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.430859089 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.468534946 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.469044924 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.469116926 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.470354080 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.470750093 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.470772982 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.510322094 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.510878086 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.510947943 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.563890934 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.564403057 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.564476013 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.564919949 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.576770067 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.576777935 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.577310085 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.579241037 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:09.588815928 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.596049070 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.596611023 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:09.596677065 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.597043991 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:09.613528967 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.642311096 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.642848015 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:09.642918110 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.644051075 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.644457102 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:09.644479036 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.676295996 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.676717043 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:09.676795959 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.707706928 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.714277983 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.714746952 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.714823008 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.779797077 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.780374050 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.780447960 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.780920029 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.787118912 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.798619032 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:09.798686028 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:09.802855015 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.803256989 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.803299904 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.831511021 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.831927061 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.832001925 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.858119965 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.858535051 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.858603954 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.879225016 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.879656076 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.879718065 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.880162954 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.880176067 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.940203905 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.940666914 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.940691948 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:09.941047907 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:09.958419085 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.002856970 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.003431082 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.003508091 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.004029036 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.016690969 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:10.025244951 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.047358036 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.047863960 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.047933102 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.075406075 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.075936079 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.076003075 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.116967916 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.117497921 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.117567062 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.117901087 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.133933067 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.156694889 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.157134056 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.157221079 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.178610086 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.179145098 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.179213047 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.250814915 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.251349926 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.251436949 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.251575947 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.251997948 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.252017975 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.252743959 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.273516893 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.273525953 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.273725033 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.274017096 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.274259090 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.274282932 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.274611950 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.279328108 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.301939011 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.302248001 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.302284002 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.302596092 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.312586069 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.324343920 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.324656963 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.324677944 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.335477114 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.335803032 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.335828066 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.336056948 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.347271919 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.360161066 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.360572100 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.360594988 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.360807896 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.369653940 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.370345116 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.370613098 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.370644093 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.370843887 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.386346102 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.392170906 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.392602921 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.392640114 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.414192915 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.414618015 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.414644957 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.427463055 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.427778006 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.427844048 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.427870989 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.428145885 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.435906887 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.449217081 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.452572107 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.452599049 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.456146955 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.470128059 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.471072912 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.471424103 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.471489906 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.478858948 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.492105007 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.492114067 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.492556095 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.495990992 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.505018950 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.506606102 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.506946087 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.507013083 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.513869047 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.513916969 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.514270067 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.514332056 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.514358044 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.607983112 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:10.608038902 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:10.619677067 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:11.673084974 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:11.673168898 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:11.705770969 CEST | 1043 | 80 | 192.168.0.10 | 173.194.69.106 |
Jul 2, 2012 20:07:11.705852985 CEST | 80 | 1043 | 173.194.69.106 | 192.168.0.10 |
Jul 2, 2012 20:07:11.751661062 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:11.751739979 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:11.793359041 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:11.793430090 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:11.972590923 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:11.993705988 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:11.993779898 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.016269922 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.016705036 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:12.016779900 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.058151960 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.058594942 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:12.058676004 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.059053898 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:12.070785046 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.093938112 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.094331980 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:12.094398975 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.136790991 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.137186050 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:12.137271881 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.153990984 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.154455900 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:12.154547930 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.158808947 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.158823967 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.159255981 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:12.159367085 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 |
Jul 2, 2012 20:07:12.313704014 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.313788891 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.313810110 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 |
Jul 2, 2012 20:07:12.321307898 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.321748018 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.321825027 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.322211027 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.343194962 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.363317013 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.363745928 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.363827944 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.364198923 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.365464926 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.365473986 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.365483046 CEST | 80 | 1043 | 173.194.69.106 | 192.168.0.10 |
Jul 2, 2012 20:07:12.365907907 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.377383947 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.388281107 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.388685942 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.388756037 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.410770893 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.410785913 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.411207914 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.411273003 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 |
Jul 2, 2012 20:07:12.544430971 CEST | 1043 | 80 | 192.168.0.10 | 173.194.69.106 |
Jul 2, 2012 20:07:12.544452906 CEST | 80 | 1043 | 173.194.69.106 | 192.168.0.10 |
Jul 2, 2012 20:07:12.544473886 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.544497013 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 |
Jul 2, 2012 20:07:12.751091003 CEST | 1043 | 80 | 192.168.0.10 | 173.194.69.106 |
Jul 2, 2012 20:07:27.733908892 CEST | 80 | 1045 | 199.7.71.190 | 192.168.0.10 |
Jul 2, 2012 20:07:27.734275103 CEST | 1045 | 80 | 192.168.0.10 | 199.7.71.190 |
All UDP | ||||
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
Jul 2, 2012 20:06:19.292897940 CEST | 51208 | 53 | 192.168.0.10 | 195.186.1.121 |
Jul 2, 2012 20:06:20.365220070 CEST | 51208 | 53 | 192.168.0.10 | 195.186.4.121 |
Jul 2, 2012 20:06:20.769155025 CEST | 53 | 51208 | 195.186.1.121 | 192.168.0.10 |
Jul 2, 2012 20:06:21.305716991 CEST | 53 | 51208 | 195.186.4.121 | 192.168.0.10 |
Jul 2, 2012 20:06:39.563674927 CEST | 51094 | 53 | 192.168.0.10 | 195.186.1.121 |
Jul 2, 2012 20:06:39.563788891 CEST | 53 | 51094 | 195.186.1.121 | 192.168.0.10 |
Jul 2, 2012 20:06:45.446321011 CEST | 58466 | 53 | 192.168.0.10 | 195.186.1.121 |
Jul 2, 2012 20:06:45.446424007 CEST | 53 | 58466 | 195.186.1.121 | 192.168.0.10 |
Jul 2, 2012 20:06:46.078927040 CEST | 63631 | 53 | 192.168.0.10 | 195.186.1.121 |
Jul 2, 2012 20:06:46.078990936 CEST | 53 | 63631 | 195.186.1.121 | 192.168.0.10 |
Jul 2, 2012 20:06:56.552406073 CEST | 51272 | 53 | 192.168.0.10 | 195.186.1.121 |
Jul 2, 2012 20:06:57.595263004 CEST | 51272 | 53 | 192.168.0.10 | 195.186.4.121 |
Jul 2, 2012 20:06:57.952739000 CEST | 53 | 51272 | 195.186.1.121 | 192.168.0.10 |
Jul 2, 2012 20:06:58.516155958 CEST | 53 | 51272 | 195.186.4.121 | 192.168.0.10 |
Jul 2, 2012 20:06:58.804406881 CEST | 63632 | 53 | 192.168.0.10 | 195.186.1.121 |
Jul 2, 2012 20:06:59.797770023 CEST | 63632 | 53 | 192.168.0.10 | 195.186.4.121 |
Jul 2, 2012 20:07:00.452718019 CEST | 53 | 63632 | 195.186.1.121 | 192.168.0.10 |
Jul 2, 2012 20:07:00.774555922 CEST | 53 | 63632 | 195.186.4.121 | 192.168.0.10 |
Jul 2, 2012 20:07:05.355597973 CEST | 52775 | 53 | 192.168.0.10 | 195.186.1.121 |
Jul 2, 2012 20:07:05.355767012 CEST | 53 | 52775 | 195.186.1.121 | 192.168.0.10 |
All ICMP | |||||
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
Jul 2, 2012 20:06:21.306183100 CEST | 192.168.0.10 | 195.186.4.121 | 862a | (Port unreachable) | Destination Unreachable |
Jul 2, 2012 20:06:58.516316891 CEST | 192.168.0.10 | 195.186.4.121 | 862e | (Port unreachable) | Destination Unreachable |
Jul 2, 2012 20:07:00.775059938 CEST | 192.168.0.10 | 195.186.4.121 | 863a | (Port unreachable) | Destination Unreachable |
DNS Query | |||||||
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
Jul 2, 2012 20:06:19.292897940 CEST | 192.168.0.10 | 195.186.1.121 | 0x27e7 | Standard query (0) | koilorio.com | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:20.365220070 CEST | 192.168.0.10 | 195.186.4.121 | 0x27e7 | Standard query (0) | koilorio.com | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:45.446321011 CEST | 192.168.0.10 | 195.186.1.121 | 0x6094 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:46.078927040 CEST | 192.168.0.10 | 195.186.1.121 | 0x3e12 | Standard query (0) | www.google.fr | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:56.552406073 CEST | 192.168.0.10 | 195.186.1.121 | 0xfa71 | Standard query (0) | crl.verisign.com | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:57.595263004 CEST | 192.168.0.10 | 195.186.4.121 | 0xfa71 | Standard query (0) | crl.verisign.com | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:58.804406881 CEST | 192.168.0.10 | 195.186.1.121 | 0x92cd | Standard query (0) | csc3-2009-2-crl.verisign.com | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:59.797770023 CEST | 192.168.0.10 | 195.186.4.121 | 0x92cd | Standard query (0) | csc3-2009-2-crl.verisign.com | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:07:05.355597973 CEST | 192.168.0.10 | 195.186.1.121 | 0x3aa2 | Standard query (0) | ssl.gstatic.com | A (IP address) | IN (0x0001) |
DNS Answer | |||||||||
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
Jul 2, 2012 20:06:20.769155025 CEST | 195.186.1.121 | 192.168.0.10 | 0x27e7 | No error (0) | koilorio.com | | 23.23.227.68 | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:21.305716991 CEST | 195.186.4.121 | 192.168.0.10 | 0x27e7 | No error (0) | koilorio.com | | 23.23.227.68 | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:45.446424007 CEST | 195.186.1.121 | 192.168.0.10 | 0x6094 | No error (0) | www.google.com | | 173.194.69.106 | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:46.078990936 CEST | 195.186.1.121 | 192.168.0.10 | 0x3e12 | No error (0) | www.google.fr | | 173.194.69.94 | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:57.952739000 CEST | 195.186.1.121 | 192.168.0.10 | 0xfa71 | No error (0) | crl.verisign.com | | 199.7.71.190 | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:06:58.516155958 CEST | 195.186.4.121 | 192.168.0.10 | 0xfa71 | No error (0) | crl.verisign.com | | 199.7.71.190 | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:07:00.452718019 CEST | 195.186.1.121 | 192.168.0.10 | 0x92cd | No error (0) | csc3-2009-2-crl.verisign.com | | 199.7.52.190 | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:07:00.774555922 CEST | 195.186.4.121 | 192.168.0.10 | 0x92cd | No error (0) | csc3-2009-2-crl.verisign.com | | 199.7.52.190 | A (IP address) | IN (0x0001) |
Jul 2, 2012 20:07:05.355767012 CEST | 195.186.1.121 | 192.168.0.10 | 0x3aa2 | No error (0) | ssl.gstatic.com | | 173.194.69.120 | A (IP address) | IN (0x0001) |
HTTP Dependency Graph
HTTP | ||||||
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Header | Total Bytes Transferred (KB) |
Jul 2, 2012 20:06:22.630816936 CEST | 1040 | 80 | 192.168.0.10 | 23.23.227.68 | 1 | |
Jul 2, 2012 20:06:23.338170052 CEST | 80 | 1040 | 23.23.227.68 | 192.168.0.10 | 2 | |
Jul 2, 2012 20:06:45.452275038 CEST | 1043 | 80 | 192.168.0.10 | 173.194.69.106 | 3 | |
Jul 2, 2012 20:06:45.937494040 CEST | 80 | 1043 | 173.194.69.106 | 192.168.0.10 | 3 | |
Jul 2, 2012 20:06:49.147241116 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 | 6 | |
Jul 2, 2012 20:06:49.581904888 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 | 7 | |
Jul 2, 2012 20:06:51.612915993 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 | 37 | |
Jul 2, 2012 20:06:51.665994883 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 | 38 | |
Jul 2, 2012 20:06:51.936590910 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 | 38 | |
Jul 2, 2012 20:06:52.330037117 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 | 41 | |
Jul 2, 2012 20:06:52.392671108 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 | 41 | |
Jul 2, 2012 20:06:52.681835890 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 | 42 | |
Jul 2, 2012 20:06:58.000196934 CEST | 1046 | 80 | 192.168.0.10 | 199.7.71.190 | 50 | |
Jul 2, 2012 20:06:58.523797989 CEST | 80 | 1046 | 199.7.71.190 | 192.168.0.10 | 51 | |
Jul 2, 2012 20:07:00.461488962 CEST | 1047 | 80 | 192.168.0.10 | 199.7.52.190 | 53 | |
Jul 2, 2012 20:07:01.242489100 CEST | 80 | 1047 | 199.7.52.190 | 192.168.0.10 | 53 | |
Jul 2, 2012 20:07:04.971585989 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 | 92 | |
Jul 2, 2012 20:07:04.993516922 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 | 93 | |
Jul 2, 2012 20:07:05.822736025 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 | 94 | |
Jul 2, 2012 20:07:06.741183043 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 | 123 | |
Jul 2, 2012 20:07:08.160505056 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 | 127 | |
Jul 2, 2012 20:07:08.269750118 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 | 127 | |
Jul 2, 2012 20:07:08.792800903 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 | 128 | |
Jul 2, 2012 20:07:09.130589008 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 | 149 | |
Jul 2, 2012 20:07:11.673084974 CEST | 1045 | 80 | 192.168.0.10 | 173.194.69.94 | 302 | |
Jul 2, 2012 20:07:11.705770969 CEST | 1043 | 80 | 192.168.0.10 | 173.194.69.106 | 303 | |
Jul 2, 2012 20:07:11.751661062 CEST | 1049 | 80 | 192.168.0.10 | 173.194.69.120 | 303 | |
Jul 2, 2012 20:07:11.793359041 CEST | 1044 | 80 | 192.168.0.10 | 173.194.69.94 | 304 | |
Jul 2, 2012 20:07:11.972590923 CEST | 80 | 1049 | 173.194.69.120 | 192.168.0.10 | 305 | |
Jul 2, 2012 20:07:11.993705988 CEST | 1048 | 80 | 192.168.0.10 | 173.194.69.94 | 306 | |
Jul 2, 2012 20:07:12.158823967 CEST | 80 | 1045 | 173.194.69.94 | 192.168.0.10 | 321 | |
Jul 2, 2012 20:07:12.365483046 CEST | 80 | 1043 | 173.194.69.106 | 192.168.0.10 | 333 | |
Jul 2, 2012 20:07:12.377383947 CEST | 80 | 1044 | 173.194.69.94 | 192.168.0.10 | 334 | |
Jul 2, 2012 20:07:12.410785913 CEST | 80 | 1048 | 173.194.69.94 | 192.168.0.10 | 338 |
Hooks
User Modules
Sections
File Activities:
Section Activities:
Registry Activities:
Mutant Activities:
Process Activities:
Memory Activities:
System Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\kernel32.dll Access: write and read and execute Type: unknown Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid | success or wait | 528723743 |
Process information queried | PID: 1780 Info Class: Cookie | success or wait | 528729670 |
Section loaded | Path: unknown Access: query and write and read and execute and extend size Type: reserve Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid | success or wait | 528732083 |
Section loaded | Path: \NLS\NlsSectionUnicode Access: read Type: unknown Baseaddress: 260000 Size: 90112 Protection: readonly Mapped to pid: own pid | success or wait | 528742777 |
Section loaded | Path: \NLS\NlsSectionLocale Access: read Type: unknown Baseaddress: 280000 Size: 266240 Protection: readonly Mapped to pid: own pid | success or wait | 528746825 |
Section loaded | Path: \NLS\NlsSectionSortkey Access: query and read Type: unknown Baseaddress: 2D0000 Size: 266240 Protection: readonly Mapped to pid: own pid | success or wait | 528751058 |
Section loaded | Path: \NLS\NlsSectionSortTbls Access: read Type: unknown Baseaddress: 320000 Size: 24576 Protection: readonly Mapped to pid: own pid | success or wait | 528752455 |
Section loaded | Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 528754547 |
Section loaded | Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 528754913 |
Process information queried | PID: 1780 Info Class: ImageInformation | success or wait | 528760429 |
Memory attributes changed | PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 400000 Length: 1000 New Protection: page read and write New Protection: page readonly | success or wait | 528917111 |
Memory attributes changed | PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 400000 Length: 1000 New Protection: page readonly New Protection: page read and write | success or wait | 528918834 |
Memory attributes changed | PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 45115C Length: 1000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 528919999 |
Memory attributes changed | PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 464384 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 528920508 |
Memory allocated | PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 330000 Length: 12FFAC Allocation Type: unknown Protection: page execute and read and write | success or wait | 528921398 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName Name: ComputerName | success or wait | 528925865 |
File created | Path: C:\skhfushjflw\ Access: read data or list directory and synchronize Options: directory file and synchronous io non alert and open for backup ident Attributes: normal Content Overwritten: null | success or wait | 528936257 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | success or wait | 528942087 |
Memory attributes changed | PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 463784 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 528943120 |
System info queried | Type: ProcessInformation | success or wait | 528944137 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 330000 Size: 16384 Protection: read write Mapped to pid: own pid | success or wait | 528951124 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BA0000 Length: 12FFAC Allocation Type: unknown Protection: page execute and read and write | success or wait | 528969318 |
Memory written | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BA0000 Length: 4096 | success or wait | 534146800 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 548745769 |
Process terminated | PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe | success or wait | 548757927 |
Sections
File Activities:
Section Activities:
Registry Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
System Activities:
User Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 534155780 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 534155883 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 534156023 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 534156125 |
File created | Path: C:\skhfushjflw\ Access: read data or list directory and synchronize Options: directory file and synchronous io non alert and open for backup ident Attributes: normal Content Overwritten: null | object name collision | 534156621 |
File other op | Path: C:\skhfushjflw New path: Disposition: BasicInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3dad65 | success or wait | 534157258 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read data or list directory and read ea and read attributes and synchronize Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 534157784 |
File opened | Path: C:\skhfushjflw\ Access: read attributes and synchronize and generic write Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | file is a directory | 534158183 |
File opened | Path: C:\skhfushjflw\ Access: read attributes and synchronize and generic write Options: synchronous io non alert and open for backup ident Attributes: none Content Overwritten: null | success or wait | 534158690 |
File opened | Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 534159751 |
File read | Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Offset: unknown Length: 178688 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 534160419 |
File created | Path: C:\skhfushjflw\skhfushjflw.exe Access: read attributes and synchronize and generic write Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 534246968 |
File write | Path: C:\skhfushjflw\skhfushjflw.exe Offset: unknown Length: 178688 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 534337923 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read data or list directory and read ea and read attributes and synchronize Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 534344223 |
File opened | Path: C:\skhfushjflw\skhfushjflw.exe Access: read attributes and synchronize and generic write Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 534344799 |
Section loaded | Path: C:\skhfushjflw\skhfushjflw.exe Access: query and write and read and execute and extend size Type: image Baseaddress: 330000 Size: 16384 Protection: read write Mapped to pid: own pid | success or wait | 534347159 |
File opened | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 534360235 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 2E70000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 534360662 |
File opened | Path: C:\WINDOWS\AppPatch\systest.sdb Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | object name not found | 534361027 |
File opened | Path: \Device\NamedPipe\ShimViewer Access: write data or add file and append data or add subdirectory or create pipe instance and write ea and write attributes and read control and synchronize Options: no options Attributes: normal Content Overwritten: null | object name not found | 534361719 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 534363259 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 534363442 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 534363551 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 534365753 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 534365933 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 534367218 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 534367398 |
Section loaded | Path: C:\skhfushjflw\skhfushjflw.exe Access: query and read Type: commit Baseaddress: BB0000 Size: 180224 Protection: readonly Mapped to pid: own pid | success or wait | 534367564 |
Process created | PID: 784 Path: C:\skhfushjflw\skhfushjflw.exe Cmdline: C:\skhfushjflw\skhfushjflw.exe Createflags: none | success or wait | 534369741 |
Process information queried | PID: 784 Info Class: BasicInformation | success or wait | 534370313 |
Process information queried | PID: 784 Info Class: BasicInformation | success or wait | 534382521 |
File deleted | Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe New path: Disposition: Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142ef25 | cannot delete | 534680701 |
Thread delayed | Time: -1 TID: 348 | success or wait | 534682444 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535021976 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535022085 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535022238 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535022337 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 535022830 |
System info queried | Type: HandleInformation | info length mismatch | 535023543 |
System info queried | Type: HandleInformation | success or wait | 535030507 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | success or wait | 535079363 |
Thread created | PID: 1552 TID: 984 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 535079891 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535080379 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535080478 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535080592 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535080689 |
Thread delayed | Time: 0 TID: 984 | success or wait | 535080822 |
Thread created | PID: 1552 TID: 2016 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 535081398 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535082176 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535082274 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535082388 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 535082485 |
Thread delayed | Time: 0 TID: 984 | success or wait | 535082628 |
System info queried | Type: ProcessInformation | success or wait | 535084796 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: BF0000 Size: 20480 Protection: read write Mapped to pid: own pid | success or wait | 535087629 |
Memory allocated | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 535089125 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 535089232 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 535089356 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 535089461 |
Memory written | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 539091104 |
Thread delayed | Time: 0 TID: 984 | success or wait | 539096798 |
Thread delayed | Time: 0 TID: 984 | success or wait | 539097131 |
File deleted | Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe New path: Disposition: Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142ef25 | cannot delete | 539102308 |
Thread delayed | Time: -1 TID: 348 | success or wait | 539103202 |
Memory allocated | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 539543480 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539546054 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539608788 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539671170 |
Memory written | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 540588224 |
Thread delayed | Time: 0 TID: 984 | success or wait | 540588618 |
Thread delayed | Time: 0 TID: 984 | success or wait | 540588701 |
Memory allocated | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 540622198 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 540622313 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 540665973 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 540666094 |
Memory written | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 542086332 |
Thread delayed | Time: 0 TID: 984 | success or wait | 542090632 |
Thread delayed | Time: 0 TID: 984 | success or wait | 542090811 |
Memory allocated | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 542201884 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 542204297 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 542205636 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 542214935 |
Memory written | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 543538553 |
Thread delayed | Time: 0 TID: 984 | success or wait | 543548938 |
Thread delayed | Time: 0 TID: 984 | success or wait | 543549067 |
File deleted | Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe New path: Disposition: Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142ef25 | cannot delete | 543551662 |
Thread delayed | Time: -1 TID: 348 | success or wait | 543558569 |
Memory allocated | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 543595938 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 543598181 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 543646809 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 543649626 |
Memory written | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 548281078 |
Thread delayed | Time: 0 TID: 984 | success or wait | 548285186 |
Thread delayed | Time: 0 TID: 984 | success or wait | 548285241 |
File deleted | Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe New path: Disposition: Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142ef25 | cannot delete | 548286839 |
Thread delayed | Time: -1 TID: 348 | success or wait | 548292218 |
Memory allocated | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 548305468 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 548306108 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 548307044 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 548307982 |
Memory written | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 548744971 |
Memory allocated | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 548763829 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 548764616 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 548765400 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 548768124 |
Memory written | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 549294969 |
Memory allocated | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 549321705 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 549323204 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 549324370 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 549325393 |
Memory written | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 550467541 |
Thread delayed | Time: 0 TID: 984 | success or wait | 550476807 |
Thread delayed | Time: 0 TID: 984 | success or wait | 550476949 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | conflicting addresses | 550529857 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB1D000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | conflicting addresses | 550555355 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB60000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 550558605 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550562259 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550565031 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550567781 |
Memory written | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB60000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 550576336 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 550602220 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 550608764 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 550613150 |
Memory allocated | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 550615213 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 550617084 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550618488 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 550622246 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550625244 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550629457 |
Memory written | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 551711317 |
Thread delayed | Time: 0 TID: 984 | success or wait | 551736729 |
Thread delayed | Time: 0 TID: 984 | success or wait | 551736871 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1628381 | success or wait | 551737932 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 551744911 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a7b7ff | success or wait | 551748590 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 551785378 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 551790167 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@120f0be | success or wait | 551797856 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 551801813 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19d4a86 | success or wait | 551809595 |
Memory allocated | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 551811227 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 551814728 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 551815639 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 551833458 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 551837646 |
Memory written | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 553155791 |
Thread delayed | Time: 0 TID: 984 | success or wait | 553159011 |
Thread delayed | Time: 0 TID: 984 | success or wait | 553159072 |
File deleted | Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe New path: Disposition: Data : abstraction.selector.functions.gen.NtFunc$FunctionData@187b08d | success or wait | 553159200 |
Thread delayed | Time: -1 TID: 348 | success or wait | 553163973 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 553165173 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB8CD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 553173547 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 553175548 |
Memory allocated | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 553181192 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 553183106 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1628381 | success or wait | 553183172 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 553184536 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 553184648 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a7b7ff | success or wait | 553186300 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 553186781 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 553189364 |
Memory written | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 554149028 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 554151461 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@120f0be | success or wait | 554153510 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 554168451 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19d4a86 | success or wait | 554171018 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 554179749 |
Memory allocated | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 554185618 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554187070 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554188987 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554190889 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554191711 |
Memory written | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 554554364 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BBA7110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554555998 |
Thread delayed | Time: 0 TID: 984 | success or wait | 554557173 |
Thread delayed | Time: 0 TID: 984 | success or wait | 554557224 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554558121 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1628381 | success or wait | 554573924 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 554575863 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a7b7ff | success or wait | 554578438 |
Memory allocated | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 554580959 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 554584345 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554586460 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 554587287 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554588428 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@120f0be | success or wait | 554589524 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554591795 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 554592366 |
Memory written | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 555051082 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19d4a86 | success or wait | 555052119 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 555055684 |
Memory allocated | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 555089540 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555089981 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555091405 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB92A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555091816 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555093158 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555093741 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555094650 |
Memory written | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 555378834 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1628381 | success or wait | 555398517 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 555437263 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a7b7ff | success or wait | 555439862 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 555451411 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 555456607 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@120f0be | success or wait | 555460937 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 555464621 |
Memory allocated | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 555465384 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19d4a86 | success or wait | 555468327 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555469802 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 555471108 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555472498 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555485615 |
Memory written | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 556128769 |
Thread delayed | Time: 0 TID: 984 | success or wait | 556143710 |
Thread delayed | Time: 0 TID: 984 | success or wait | 556143760 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556159279 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BBA69A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556162013 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 556164529 |
Memory allocated | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 556175896 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556178456 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1628381 | success or wait | 556178970 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556191065 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 556191641 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556193555 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a7b7ff | success or wait | 556196430 |
Memory written | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 556743587 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 556746835 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 556747455 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 556749285 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 556749787 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@120f0be | success or wait | 556752081 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 556754644 |
Thread terminated | TID: 348 PID: 1552 Path: C:\WINDOWS\explorer.exe | unknown | 556754948 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19d4a86 | success or wait | 556764254 |
Process information queried | PID: 172 Info Class: ImageFileName | success or wait | 556764933 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 556769102 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 556781783 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 556784858 |
Memory read | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7FFDB000 Length: 2860 Value: FF FF FF FF 00 00 C4 00 00 20 C3 00 00 00 00 00 00 1E 00 00 00 00 00 00 00 B0 FD 7F 00 00 00 00 AC 00 00 00 E4 05 00 00 00 00 00 00 00 00 00 00 00 F0 FD 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 556803054 |
Memory read | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7FFDF000 Length: 488 Value: 00 00 00 00 FF FF FF FF 00 00 00 01 90 1E 19 00 00 00 02 00 00 00 00 00 00 00 09 00 20 06 98 7C 00 10 90 7C E0 10 90 7C 01 00 00 00 70 29 41 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 05 98 7C FF FF 07 00 00 00 00 00 00 00 6F 7F 00 00 6F 7F 88 06 6F 7F 00 00 FB 7F 00 10 FC 7F 00 20 FD 7F 01 00 00 00 00 00 00 00 00 00 00 00 00 80 9B 07 6D E8 FF FF 00 00 10 00 00 20 00 00 00 00 01 00 00 10 00 00 0A 00 00 00 10 00 00 00 E0 FF 97 7C 00 00 42 00 00 00 00 00 14 00 00 00 74 E1 97 7C 05 00 00 00 01 00 00 00 28 0A 00 03 02 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 556807614 |
Memory read | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 100003C Length: 4 Value: D8 00 00 00 | success or wait | 556810013 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556812372 |
Memory read | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 10000F0 Length: 24 Value: 0B 01 07 0A 00 58 03 00 00 20 00 00 00 00 00 00 D8 49 02 00 00 10 00 00 | success or wait | 556812442 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB931F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556814378 |
Memory allocated | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB60000 Length: 2F6F628 Allocation Type: unknown Protection: page execute and read and write | success or wait | 556814525 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 556817069 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556817876 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556820432 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556823748 |
Memory written | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB60000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 556870892 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 556871777 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1580c3a | success or wait | 556876877 |
Memory read | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 10249D8 Length: 5 Value: 6A 70 68 E8 5F | success or wait | 556876932 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 556879518 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB8C520 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556879612 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@18aecf1 | success or wait | 556881796 |
Memory written | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB8C520 Length: 417 Value: D8 49 02 01 AF 4A B8 0B 6A 70 68 E8 5F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 01 00 00 00 00 E9 D2 00 B6 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 77 62 65 6D 5C 77 6D 69 70 72 76 73 65 2E 65 78 65 00 33 32 5C 77 62 65 6D 5C 77 6D 69 70 72 76 73 65 2E 65 78 65 00 02 03 00 09 00 00 00 C7 02 CB 00 00 02 08 F7 F6 02 D9 8C 91 7C CB 22 00 00 A8 B9 CC 10 78 01 09 00 02 20 00 00 01 40 00 00 10 00 01 00 03 F0 | success or wait | 556889674 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 556892222 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 10249D8 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 556892986 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 556894904 |
Memory written | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 10249D8 Length: 5 Value: E9 D2 00 B6 0A | success or wait | 556913787 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ca029b | success or wait | 556914990 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 556919935 |
Thread resumed | TID: 1508 PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 556921700 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1712492 | success or wait | 556923127 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 556928659 |
Memory allocated | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 556934205 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556937023 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556950854 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556952953 |
Memory written | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 558048971 |
Thread delayed | Time: 0 TID: 984 | success or wait | 558056972 |
Thread delayed | Time: 0 TID: 984 | success or wait | 558057024 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558069935 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB92140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558073243 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 558076724 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 558089423 |
Process information queried | PID: 1164 Info Class: ImageFileName | success or wait | 558126655 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 558131842 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 558132427 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 558134077 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 558150843 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1181c24 | success or wait | 558153456 |
Memory read | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7FFDC000 Length: 2860 Value: FF FF FF FF 00 00 9C 00 00 20 9B 00 00 00 00 00 00 1E 00 00 00 00 00 00 00 C0 FD 7F 00 00 00 00 8C 04 00 00 0C 06 00 00 00 00 00 00 00 00 00 00 00 50 FD 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 558153739 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 558156646 |
Memory read | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7FFD5000 Length: 488 Value: 00 00 00 00 FF FF FF FF 00 00 00 01 90 1E 19 00 00 00 02 00 00 00 00 00 00 00 09 00 20 06 98 7C 00 10 90 7C E0 10 90 7C 01 00 00 00 70 29 41 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 05 98 7C FF FF 7F 00 00 00 00 00 00 00 6F 7F 00 00 6F 7F 88 06 6F 7F 00 00 FB 7F 00 10 FC 7F 00 20 FD 7F 01 00 00 00 00 00 00 00 00 00 00 00 00 80 9B 07 6D E8 FF FF 00 00 10 00 00 20 00 00 00 00 01 00 00 10 00 00 0B 00 00 00 10 00 00 00 E0 FF 97 7C 00 00 42 00 00 00 00 00 14 00 00 00 74 E1 97 7C 05 00 00 00 01 00 00 00 28 0A 00 03 02 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 558157005 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dfb148 | success or wait | 558159934 |
Memory read | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 100003C Length: 4 Value: E0 00 00 00 | success or wait | 558160404 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 558162925 |
Memory read | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 10000F8 Length: 24 Value: 0B 01 07 0A 00 0A 00 00 00 06 00 00 00 00 00 00 3C 14 00 00 00 10 00 00 | success or wait | 558163359 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 558168147 |
Memory allocated | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB60000 Length: 2F6F628 Allocation Type: unknown Protection: page execute and read and write | success or wait | 558169150 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f02a6d | success or wait | 558173489 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558174616 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 558190544 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558191287 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1717334 | success or wait | 558193571 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558193817 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558196685 |
Memory written | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB60000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 558206006 |
Memory read | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 100143C Length: 5 Value: 6A 70 68 B8 10 | success or wait | 558211630 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB8C520 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558214639 |
Memory written | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB8C520 Length: 417 Value: 3C 14 00 01 AF 4A B8 0B 6A 70 68 B8 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 01 00 00 00 00 E9 6E 36 B8 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 68 6F 73 74 2E 65 78 65 00 73 79 73 74 65 6D 33 32 5C 64 6C 6C 68 6F 73 74 2E 65 78 65 00 65 2E 65 78 65 00 02 03 00 09 00 00 00 C7 02 CB 00 00 02 08 F7 F6 02 D9 8C 91 7C CB 22 00 00 A8 B9 CC 10 78 01 09 00 02 20 00 00 01 40 00 00 10 00 01 00 03 F0 | success or wait | 558224399 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 100143C Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 558227235 |
Memory written | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 100143C Length: 5 Value: E9 6E 36 B8 0A | success or wait | 558236281 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558241426 |
Thread resumed | TID: 1548 PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe | success or wait | 558242067 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BBA7598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558243813 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 558246156 |
Memory allocated | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 558250094 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558253101 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 558255106 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558255496 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1181c24 | success or wait | 558257428 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558257777 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 558259437 |
Memory written | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 559397779 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dfb148 | success or wait | 559408507 |
Thread delayed | Time: 0 TID: 984 | success or wait | 559428481 |
Thread delayed | Time: 0 TID: 984 | success or wait | 559428610 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 559433572 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 559440267 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f02a6d | success or wait | 559538463 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 559570038 |
Process information queried | PID: 376 Info Class: ImageFileName | success or wait | 559575758 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1717334 | success or wait | 559582070 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 559599277 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559605247 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 559606267 |
Memory read | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7FFDC000 Length: 2860 Value: FF FF FF FF 00 00 82 00 00 20 81 00 00 00 00 00 00 1E 00 00 00 00 00 00 00 C0 FD 7F 00 00 00 00 78 01 00 00 30 0A 00 00 00 00 00 00 00 00 00 00 00 B0 FD 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 559656677 |
Memory read | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7FFDB000 Length: 488 Value: 00 00 00 00 FF FF FF FF 00 00 40 00 90 1E 19 00 00 00 02 00 00 00 00 00 00 00 09 00 20 06 98 7C 00 10 90 7C E0 10 90 7C 01 00 00 00 70 29 41 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 05 98 7C FF FF 03 00 00 00 00 00 00 00 6F 7F 00 00 6F 7F 88 06 6F 7F 00 00 FB 7F 00 10 FC 7F 00 20 FD 7F 01 00 00 00 00 00 00 00 00 00 00 00 00 80 9B 07 6D E8 FF FF 00 00 10 00 00 20 00 00 00 00 01 00 00 10 00 00 09 00 00 00 10 00 00 00 E0 FF 97 7C 00 00 45 00 00 00 00 00 14 00 00 00 74 E1 97 7C 05 00 00 00 01 00 00 00 28 0A 00 03 02 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 559666486 |
Memory read | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 40003C Length: 4 Value: E0 00 00 00 | success or wait | 559673755 |
Memory read | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 4000F8 Length: 24 Value: 0B 01 07 0A 00 08 00 00 00 0C 00 00 00 00 00 00 7C 12 00 00 00 10 00 00 | success or wait | 559680016 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559683017 |
Memory allocated | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB60000 Length: 2F6F628 Allocation Type: unknown Protection: page execute and read and write | success or wait | 559692301 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BBA6B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559695591 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559699782 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 559703305 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559710749 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559718382 |
Memory written | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB60000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 559741309 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 559748294 |
Memory read | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 40127C Length: 5 Value: 6A 70 68 A8 10 | success or wait | 559752194 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1181c24 | success or wait | 559754923 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB8C520 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559758876 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 559761619 |
Memory written | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB8C520 Length: 417 Value: 7C 12 40 00 AF 4A B8 0B 6A 70 68 A8 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 40 00 00 00 00 00 E9 2E 38 78 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 6D 73 64 74 63 2E 65 78 65 00 53 5C 73 79 73 74 65 6D 33 32 5C 6D 73 64 74 63 2E 65 78 65 00 65 00 65 2E 65 78 65 00 02 03 00 09 00 00 00 C7 02 CB 00 00 02 08 F7 F6 02 D9 8C 91 7C CB 22 00 00 A8 B9 CC 10 78 01 09 00 02 20 00 00 01 40 00 00 10 00 01 00 03 F0 | success or wait | 559776769 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dfb148 | success or wait | 559779710 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 40127C Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 559785915 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 559793197 |
Memory written | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 40127C Length: 5 Value: E9 2E 38 78 0B | success or wait | 559815314 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 559840822 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f02a6d | success or wait | 559854231 |
Thread resumed | TID: 2608 PID: 376 Path: C:\WINDOWS\system32\msdtc.exe | success or wait | 559859877 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 559861977 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1717334 | success or wait | 559893315 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559900133 |
Memory allocated | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BAD0000 Length: 2F6FBEC Allocation Type: unknown Protection: page execute and read and write | success or wait | 559907083 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559915352 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559921258 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559926879 |
Memory written | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 563791070 |
Thread delayed | Time: 0 TID: 984 | success or wait | 563797689 |
Thread delayed | Time: 0 TID: 984 | success or wait | 563797741 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563804208 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB8C6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563834493 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 563844645 |
Process information queried | PID: 1452 Info Class: ImageFileName | success or wait | 563848398 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 563851500 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 563853573 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 563853920 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1181c24 | success or wait | 563856843 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 563860165 |
Memory read | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7FFD8000 Length: 2860 Value: FF FF FF FF 00 00 B9 00 00 20 B8 00 00 00 00 00 00 1E 00 00 00 00 00 00 00 80 FD 7F 00 00 00 00 AC 05 00 00 10 0B 00 00 00 00 00 00 00 00 00 00 00 D0 FD 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 563862249 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dfb148 | success or wait | 563876005 |
Memory read | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7FFDD000 Length: 488 Value: 00 00 00 00 FF FF FF FF 00 00 00 01 90 1E 1A 00 00 00 02 00 00 00 00 00 00 00 0A 00 20 06 98 7C 00 10 90 7C E0 10 90 7C 01 00 00 00 70 29 41 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 05 98 7C FF FF 1F 00 00 00 00 00 00 00 6F 7F 00 00 6F 7F 88 06 6F 7F 00 00 FB 7F 00 10 FC 7F 00 20 FD 7F 01 00 00 00 00 00 00 00 00 00 00 00 00 80 9B 07 6D E8 FF FF 00 00 10 00 00 20 00 00 00 00 01 00 00 10 00 00 08 00 00 00 10 00 00 00 E0 FF 97 7C 00 00 43 00 00 00 00 00 14 00 00 00 74 E1 97 7C 05 00 00 00 01 00 00 00 28 0A 00 03 02 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 563881795 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 563882488 |
Memory read | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 100003C Length: 4 Value: E8 00 00 00 | success or wait | 563895796 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 563896394 |
Memory read | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 1000100 Length: 24 Value: 0B 01 07 0A 00 F6 00 00 00 4A 00 00 00 00 00 00 EE F2 00 00 00 10 00 00 | success or wait | 563911599 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f02a6d | success or wait | 563921957 |
Memory allocated | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB60000 Length: 2F6F628 Allocation Type: unknown Protection: page execute and read and write | success or wait | 563974921 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 563975445 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563982079 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1717334 | success or wait | 563982373 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563984526 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 563984835 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB60000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564022856 |
Memory written | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB60000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 564040011 |
Memory read | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 100F2EE Length: 5 Value: 6A 70 68 48 41 | success or wait | 564045242 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB8C520 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564058226 |
Memory written | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB8C520 Length: 417 Value: EE F2 00 01 AF 4A B8 0B 6A 70 68 48 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 01 00 00 00 00 E9 BC 57 B7 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 6D 73 69 65 78 65 63 2E 65 78 65 00 73 79 73 74 65 6D 33 32 5C 6D 73 69 65 78 65 63 2E 65 78 65 00 65 2E 65 78 65 00 02 03 00 09 00 00 00 C7 02 CB 00 00 02 08 F7 F6 02 D9 8C 91 7C CB 22 00 00 A8 B9 CC 10 78 01 09 00 02 20 00 00 01 40 00 00 10 00 01 00 03 F0 | success or wait | 564068451 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 100F2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564072100 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564085665 |
Memory written | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 100F2EE Length: 5 Value: E9 BC 57 B7 0A | success or wait | 564093126 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB95EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564106921 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564110162 |
Thread resumed | TID: 2832 PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe | success or wait | 564110297 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564167523 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1428ffa | success or wait | 564181407 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 564184895 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fa8ba9 | success or wait | 564200896 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564204956 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 564208458 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e71d5e | success or wait | 564212935 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 564213246 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 564228150 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 564228680 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1390efd | success or wait | 564266998 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: C00000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 564273999 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BF0000 Length: 2F6FA68 Allocation Type: unknown Protection: page execute and read and write | success or wait | 564286737 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 77DEE360 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564289772 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564299390 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1071f57 | success or wait | 564304070 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 564307312 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564321388 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9aa3f3 | success or wait | 564321879 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BBA7900 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564336795 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564336999 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 77AEFF8F Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564350235 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 564350554 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@81db25 | success or wait | 564355500 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 564411844 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564472018 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15a740a | success or wait | 564473422 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1787395 | success or wait | 564535314 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: C00000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 564535785 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 564552899 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ec7c94 | success or wait | 564573268 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564592313 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 564675569 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e6f7cb | success or wait | 564687643 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 564696749 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 77DEE360 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564705514 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@965654 | success or wait | 564716777 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB96060 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564719532 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: C00000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 564740622 |
Thread created | PID: 1552 TID: 3080 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 564771394 |
Thread resumed | TID: 3080 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 564785201 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 564788793 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 564797557 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 1400000 Length: 2F6FA68 Allocation Type: unknown Protection: page execute and read and write | success or wait | 564800985 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 564806003 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 77AEFF8F Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564806397 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 564812688 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BB93768 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564813258 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 564841378 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 564842138 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: C00000 Length: 2F6F9B4 Allocation Type: unknown Protection: page read and write | success or wait | 564868445 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 564869636 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: C00000 Length: 2F6F9B8 Allocation Type: unknown Protection: page read and write | success or wait | 564878638 |
Thread delayed | Time: 0 TID: 984 | success or wait | 564878983 |
Thread delayed | Time: 0 TID: 984 | success or wait | 564879126 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: C01000 Length: 2F6F694 Allocation Type: unknown Protection: page read and write | success or wait | 564886806 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565729027 |
Thread created | PID: 1552 TID: 3100 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 565729600 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565744981 |
Thread created | PID: 1552 TID: 3108 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 565745624 |
Thread resumed | TID: 3100 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 565748346 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565759109 |
Thread resumed | TID: 3108 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 565759248 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565759612 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565767332 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565774786 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565782585 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565789688 |
Thread created | PID: 1552 TID: 3116 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 565795433 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565801029 |
Thread resumed | TID: 3116 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 565805359 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565809736 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565919903 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565928442 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565956423 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 565977156 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: normal Content Overwritten: null | success or wait | 565980201 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 566006794 |
File other op | Path: C:\skhfushjflw\config.bin New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1fdd342 | success or wait | 566010523 |
Thread delayed | Time: 0 TID: 984 | success or wait | 566010656 |
Thread delayed | Time: 0 TID: 984 | success or wait | 566010801 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 566014490 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 4 Value: B4 51 74 54 | success or wait | 566017681 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 566021842 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 566051495 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 566059204 |
File opened | Path: C:\skhfushjflw\skhfushjflw.exe Access: read attributes and synchronize and generic write Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 566062723 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 566261106 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 566261264 |
File read | Path: C:\skhfushjflw\skhfushjflw.exe Offset: unknown Length: 178688 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 566262237 |
Process information queried | PID: 1552 Info Class: Cookie | success or wait | 566525282 |
Thread delayed | Time: 0 TID: 984 | success or wait | 566661672 |
Process information queried | PID: 1552 Info Class: Wow64Information | success or wait | 566674401 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 566715339 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2AF0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 566744944 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 2B1D690 Length: 1000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 566761518 |
Thread delayed | Time: 0 TID: 984 | success or wait | 567736175 |
Thread delayed | Time: 0 TID: 984 | success or wait | 567736318 |
Process information queried | PID: 1552 Info Class: Wow64Information | success or wait | 567777878 |
Thread delayed | Time: 0 TID: 984 | success or wait | 567786976 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 567787200 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2AF0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 567833185 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 2B0DEAE Length: 1000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 567860568 |
Process information queried | PID: 1552 Info Class: Wow64Information | success or wait | 568371058 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 568615561 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2AF0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 568624845 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 2B0D508 Length: 1000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568641420 |
Process information queried | PID: 1552 Info Class: Wow64Information | success or wait | 568672117 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 568686296 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2AF0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 568699110 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 2B1EE89 Length: 1000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568716306 |
Thread delayed | Time: 0 TID: 984 | success or wait | 568859981 |
Thread delayed | Time: 0 TID: 984 | success or wait | 568860123 |
Thread delayed | Time: 0 TID: 984 | success or wait | 568944450 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Serial_Access_Num | success or wait | 569342188 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Serial_Access_Num | success or wait | 569409243 |
Section loaded | Path: C:\WINDOWS\system32\winrnr.dll Access: write and read and execute Type: commit Baseaddress: C10000 Size: 20480 Protection: execute Mapped to pid: own pid | success or wait | 569624654 |
Thread delayed | Time: 0 TID: 984 | success or wait | 570241498 |
Thread delayed | Time: 0 TID: 984 | success or wait | 570241639 |
Thread delayed | Time: 0 TID: 984 | success or wait | 570241936 |
Section loaded | Path: C:\WINDOWS\system32\winrnr.dll Access: query and write and read and execute Type: image Baseaddress: 76FB0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 570250668 |
Thread delayed | Time: 0 TID: 984 | success or wait | 571888679 |
Thread delayed | Time: 0 TID: 984 | success or wait | 571888730 |
Thread delayed | Time: 0 TID: 984 | success or wait | 571888839 |
Thread delayed | Time: 0 TID: 984 | success or wait | 573049388 |
Thread delayed | Time: 0 TID: 984 | success or wait | 573049441 |
Thread delayed | Time: 0 TID: 984 | success or wait | 573049549 |
Thread delayed | Time: 0 TID: 984 | success or wait | 574480925 |
Thread delayed | Time: 0 TID: 984 | success or wait | 574481067 |
Thread created | PID: 1552 TID: 3940 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 575133942 |
Thread resumed | TID: 3940 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 575139293 |
Thread created | PID: 1552 TID: 3944 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 575165974 |
Thread resumed | TID: 3944 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 575170145 |
Thread created | PID: 1552 TID: 3948 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 575185526 |
Thread resumed | TID: 3948 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 575190907 |
Thread created | PID: 1552 TID: 3968 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 575244808 |
Thread delayed | Time: -547 TID: 3948 | unknown | 575247364 |
Thread resumed | TID: 3968 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 575249101 |
Key created | Path: HKEY_USERS\Software\Microsoft\Internet Explorer\DBControl | success or wait | 575251506 |
Thread created | PID: 1552 TID: 3992 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 575419633 |
Thread resumed | TID: 3992 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 575424158 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 575450800 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 575642163 |
Thread created | PID: 1552 TID: 4036 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 576768881 |
Thread resumed | TID: 4036 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 576773743 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 576801231 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 576981140 |
Thread created | PID: 1552 TID: 4080 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 577294644 |
Thread resumed | TID: 4080 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 577301554 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 577324068 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 577501169 |
Thread created | PID: 1552 TID: 1152 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 578456026 |
Thread resumed | TID: 1152 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 578463920 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 578489847 |
Section loaded | Path: \KnownDlls\MPRAPI.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 578516651 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 578711958 |
Section loaded | Path: C:\WINDOWS\system32\mprapi.dll Access: query and write and read and execute Type: image Baseaddress: 76D40000 Size: 98304 Protection: read write Mapped to pid: own pid | success or wait | 578919043 |
Section loaded | Path: \KnownDlls\ACTIVEDS.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 578946664 |
Thread created | PID: 1552 TID: 480 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 578949508 |
Thread resumed | TID: 480 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 578954441 |
Section loaded | Path: C:\WINDOWS\system32\activeds.dll Access: query and write and read and execute Type: image Baseaddress: 77CC0000 Size: 204800 Protection: read write Mapped to pid: own pid | success or wait | 578956184 |
Section loaded | Path: \KnownDlls\adsldpc.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 578976342 |
Section loaded | Path: C:\WINDOWS\system32\adsldpc.dll Access: query and write and read and execute Type: image Baseaddress: 76E10000 Size: 151552 Protection: read write Mapped to pid: own pid | success or wait | 578984183 |
Thread created | PID: 1552 TID: 1504 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 579037803 |
Thread resumed | TID: 1504 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 579043667 |
Thread created | PID: 1552 TID: 780 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 579080539 |
Thread resumed | TID: 780 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 579084413 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 579168514 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 580074297 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 580296221 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 580477157 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 582424674 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 582602082 |
Thread created | PID: 1552 TID: 1868 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 582853771 |
Thread resumed | TID: 1868 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 582858667 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 582876828 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 583782647 |
Thread created | PID: 1552 TID: 1740 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 584081549 |
Thread resumed | TID: 1740 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 584085221 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 584098795 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 584277303 |
Process information queried | PID: 1552 Info Class: Wow64Information | success or wait | 586643961 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 586644898 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2AF0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 586646168 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 2B0BF83 Length: 1000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 586648188 |
Process information queried | PID: 1552 Info Class: Wow64Information | success or wait | 586651550 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 586652526 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2AF0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 586653680 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 2B0654B Length: 1000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 586655648 |
Process information queried | PID: 1552 Info Class: Wow64Information | success or wait | 586660380 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 586661352 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2AF0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 586662596 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 2B0654B Length: 1000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 586664673 |
Process information queried | PID: 1552 Info Class: Wow64Information | success or wait | 586668101 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 586669027 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2AF0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 586670138 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 2B09088 Length: 1000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 586672320 |
Process information queried | PID: 1552 Info Class: Wow64Information | success or wait | 586677488 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 586678505 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2AF0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 586679696 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: 2B09088 Length: 1000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 586681726 |
Thread delayed | Time: -300 TID: 3108 | unknown | 586688124 |
Thread created | PID: 1552 TID: 1344 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 587160628 |
Thread resumed | TID: 1344 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 587160881 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 587161981 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 587450868 |
Thread created | PID: 1552 TID: 2556 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 642391230 |
Thread resumed | TID: 2556 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 642391936 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 642397588 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 642565655 |
Section loaded | Path: \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read and execute and extend size Type: unknown Baseaddress: C10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 649240226 |
Process information queried | PID: 1728 Info Class: BasicInformation | success or wait | 649244064 |
Section loaded | Path: \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read and execute and extend size Type: unknown Baseaddress: C10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 649253441 |
Process information queried | PID: 1728 Info Class: BasicInformation | success or wait | 649256653 |
Thread created | PID: 1552 TID: 3128 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 653551749 |
Thread resumed | TID: 3128 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 653552083 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 653553889 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 653620261 |
Thread delayed | Time: -1 TID: 348 | success or wait | 656821403 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 660595341 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 660595578 |
Thread delayed | Time: -1 TID: 348 | success or wait | 660599079 |
Section loaded | Path: C:\WINDOWS\system32\ieframe.dll Access: query and read Type: commit Baseaddress: C90000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 661309175 |
Section loaded | Path: C:\WINDOWS\system32\stdole2.tlb Access: query and read Type: commit Baseaddress: C10000 Size: 16384 Protection: readonly Mapped to pid: own pid | success or wait | 661328183 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 201D8, 2003E, 20044, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201CA, 201D2 | success or wait | 661555071 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 661785097 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 661787443 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 201D8, 2003E, 20044, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201CA, 201D2 | success or wait | 661797921 |
Message sent | HWND: 10084 Message: 41A WParam: 1584 LParam: 70536 | error | 662723970 |
Process information queried | PID: 2472 Info Class: BasicInformation | success or wait | 662729709 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7FFDD008 Length: 4 Value: 00 00 40 00 | success or wait | 662730073 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7FFDD00C Length: 4 Value: 90 1E 25 00 | success or wait | 662730424 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 251EA4 Length: 4 Value: C8 1E 25 00 | success or wait | 662730771 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 251EC0 Length: 80 Value: 18 1F 25 00 9C 1E 25 00 20 1F 25 00 A4 1E 25 00 00 00 00 00 00 00 00 00 00 00 40 00 25 1A 40 00 00 C0 09 00 5E 00 60 00 B4 05 02 00 18 00 1A 00 FA 05 02 00 00 50 00 00 FF FF 00 00 4C 26 25 00 C0 E2 97 7C 2E AD B3 49 00 00 00 00 00 00 00 00 | success or wait | 662731115 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 205B4 Length: 96 Value: 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 49 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 5C 00 49 00 45 00 58 00 50 00 4C 00 4F 00 52 00 45 00 2E 00 45 00 58 00 45 00 00 00 | success or wait | 662731553 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 664270903 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 664271110 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 664581270 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 664585453 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 664589317 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: write and read and execute Type: commit Baseaddress: 2AF0000 Size: 638976 Protection: execute Mapped to pid: own pid | success or wait | 664599093 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: query and read Type: commit Baseaddress: 2AF0000 Size: 638976 Protection: readonly Mapped to pid: own pid | success or wait | 664689648 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 664718960 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 664727636 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: write and read and execute Type: commit Baseaddress: 2AF0000 Size: 638976 Protection: execute Mapped to pid: own pid | success or wait | 665032857 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: query and read Type: commit Baseaddress: 2AF0000 Size: 638976 Protection: readonly Mapped to pid: own pid | success or wait | 665075436 |
Process information queried | PID: 1552 Info Class: DefaultHardErrorMode | success or wait | 665109798 |
Message sent | HWND: 120118 Message: GETICON WParam: 2 LParam: 0 | success | 665166094 |
Message sent | HWND: 120118 Message: GETICON WParam: 0 LParam: 0 | success | 665171730 |
Message sent | HWND: 120118 Message: GETICON WParam: 1 LParam: 0 | success | 665173066 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 201D8, 2003E, 20044, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201CA, 201D2 | buffer too small | 665531227 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 201C4 | success or wait | 665531706 |
Key value replaced with new | Path: HKEY_USERS\SessionInformation Name: ProgramCount Type: dword Data: 1 Old data: 0 | success or wait | 665535027 |
Message sent | HWND: 10084 Message: 41A WParam: 0 LParam: 0 | error | 665537433 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8 | buffer too small | 665540130 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 201C4 | success or wait | 665540299 |
Message sent | HWND: 120118 Message: GETICON WParam: 2 LParam: 0 | success | 668407055 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8 | buffer too small | 669124825 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 201C4 | success or wait | 669125323 |
Thread created | PID: 1552 TID: 4020 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 671774831 |
Thread resumed | TID: 4020 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 671776018 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 671778712 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 672557914 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8 | buffer too small | 672739912 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 201C4 | success or wait | 672754459 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8 | buffer too small | 676508234 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 201C4 | success or wait | 676510260 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8 | buffer too small | 680562735 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 201C4 | success or wait | 680568948 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8 | buffer too small | 684114357 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 301B0 | success or wait | 684114546 |
Message sent | HWND: 120118 Message: GETICON WParam: 2 LParam: 0 | success | 684394518 |
Section loaded | Path: C:\WINDOWS\system32\ieframe.dll Access: query and read Type: commit Baseaddress: C90000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 685005888 |
Message sent | HWND: 120118 Message: GETICON WParam: 2 LParam: 0 | success | 686280217 |
Message sent | HWND: 120118 Message: GETICON WParam: 2 LParam: 0 | success | 688871279 |
Thread created | PID: 1552 TID: 2376 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 692346128 |
Thread resumed | TID: 2376 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 692350837 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 692398647 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 693738787 |
Thread created | PID: 1552 TID: 2444 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 694449635 |
Thread resumed | TID: 2444 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 694459185 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 694495199 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 694637069 |
Thread created | PID: 1552 TID: 2504 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 695571259 |
Thread resumed | TID: 2504 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 695576486 |
Thread created | PID: 1552 TID: 2524 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 696138119 |
Thread resumed | TID: 2524 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 696140069 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 696143202 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 696283345 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 696599655 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 697669129 |
Thread created | PID: 1552 TID: 2640 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 697880904 |
Thread resumed | TID: 2640 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 697883596 |
Thread created | PID: 1552 TID: 2772 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 698005192 |
Thread resumed | TID: 2772 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 698009441 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 698010156 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 698288610 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 698368418 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 698458533 |
Thread created | PID: 1552 TID: 2852 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 698741666 |
Thread resumed | TID: 2852 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 698853408 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 698896919 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 698980886 |
Thread created | PID: 1552 TID: 3000 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 699065506 |
Thread resumed | TID: 3000 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 699069531 |
Thread created | PID: 1552 TID: 3072 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 699166297 |
Thread resumed | TID: 3072 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 699169347 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 699170703 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 699465485 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 699650728 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 699835701 |
Thread created | PID: 1552 TID: 3168 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 701079995 |
Thread resumed | TID: 3168 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 701084593 |
Thread created | PID: 1552 TID: 3292 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 701403297 |
Thread resumed | TID: 3292 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 701403777 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 701403948 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 701469464 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 701545712 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 701866745 |
Thread created | PID: 1552 TID: 3392 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 702002709 |
Thread resumed | TID: 3392 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 702004185 |
Thread created | PID: 1552 TID: 3456 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 702082109 |
Thread resumed | TID: 3456 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 702084538 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 702087290 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 702413692 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 702529106 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 702593276 |
Thread created | PID: 1552 TID: 3468 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 702814157 |
Thread resumed | TID: 3468 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 702816479 |
Thread created | PID: 1552 TID: 3476 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 702826418 |
Thread resumed | TID: 3476 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 702827474 |
Process information queried | PID: 1552 Info Class: DeviceMap | success or wait | 702832380 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 702833361 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 702899758 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 702967976 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 703582353 |
Thread created | PID: 1552 TID: 3484 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 703795090 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8 | buffer too small | 703797067 |
Thread resumed | TID: 3484 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 703798220 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 301B0 | success or wait | 703799524 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 703826472 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 703996251 |
Thread created | PID: 1552 TID: 3556 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 705059418 |
Thread resumed | TID: 3556 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 705060976 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 705067214 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 705240970 |
Thread created | PID: 1552 TID: 3612 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 708880527 |
Thread resumed | TID: 3612 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 708880929 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 708881943 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 708940660 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8 | buffer too small | 762822416 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 4018A, A017A, 8022E | success or wait | 762822605 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8 | buffer too small | 763478366 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 0 HWNDs: 2003E, 20044, 201D8, 900A4, 900A8, 90098, 90086, 10076, 10074, 10082, 10070, 3004E, 1008E, 201C6, 201C8, 4018A, A017A, 50192 | success or wait | 763478900 |
Thread created | PID: 1552 TID: 2652 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 766675043 |
Thread resumed | TID: 2652 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 766676521 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 766679678 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 766851800 |
Thread created | PID: 1552 TID: 2780 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 775625572 |
Thread resumed | TID: 2780 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 775626681 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 775629245 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 776444442 |
Thread created | PID: 1552 TID: 3020 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 794639829 |
Thread resumed | TID: 3020 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 794641388 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 794645108 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 794819606 |
Thread created | PID: 1552 TID: 3304 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 813598455 |
Thread resumed | TID: 3304 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 813600971 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 813604178 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 813788694 |
Thread created | PID: 1552 TID: 3348 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 814716785 |
Thread resumed | TID: 3348 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 814718202 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 814720672 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 815557826 |
Thread created | PID: 1552 TID: 3356 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 815755783 |
Thread resumed | TID: 3356 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 815759521 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 815763719 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 815945010 |
Thread created | PID: 1552 TID: 3380 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 816737551 |
Thread resumed | TID: 3380 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 816738775 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 816741906 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 816927625 |
Thread created | PID: 1552 TID: 3396 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 817801863 |
Thread resumed | TID: 3396 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 817803008 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 817810312 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 818583702 |
Thread created | PID: 1552 TID: 3400 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 818778268 |
Thread resumed | TID: 3400 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 818779012 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 819600233 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 819792911 |
Thread created | PID: 1552 TID: 3448 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 820555770 |
Thread resumed | TID: 3448 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 820561219 |
Thread created | PID: 1552 TID: 3540 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 820763548 |
Thread resumed | TID: 3540 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 820764757 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 820765846 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 820939652 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 821157546 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 821935629 |
Thread created | PID: 1552 TID: 3520 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 822133466 |
Thread resumed | TID: 3520 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 822134207 |
Thread created | PID: 1552 TID: 3496 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 822318809 |
Thread resumed | TID: 3496 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 822321212 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 822321693 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 822514735 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 823113655 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 823288797 |
Thread created | PID: 1552 TID: 3568 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 823501769 |
Thread resumed | TID: 3568 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 823502488 |
Thread created | PID: 1552 TID: 3544 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 823655031 |
Thread resumed | TID: 3544 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 823655740 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 823658425 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 824373871 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 824567212 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 824741265 |
Thread created | PID: 1552 TID: 3608 EIP: 7C8106F9 Imagepath: C:\WINDOWS\explorer.exe | success or wait | 826795053 |
Thread resumed | TID: 3608 PID: 1552 Path: C:\WINDOWS\explorer.exe | success or wait | 826795451 |
File write | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 826796410 |
File write | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 826861554 |
Sections
File Activities:
Section Activities:
Registry Activities:
Mutant Activities:
Process Activities:
Memory Activities:
System Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\kernel32.dll Access: write and read and execute Type: unknown Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid | success or wait | 534686217 |
Process information queried | PID: 784 Info Class: Cookie | success or wait | 534687524 |
Section loaded | Path: unknown Access: query and write and read and execute and extend size Type: reserve Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid | success or wait | 534687855 |
Section loaded | Path: \NLS\NlsSectionUnicode Access: read Type: unknown Baseaddress: 260000 Size: 90112 Protection: readonly Mapped to pid: own pid | success or wait | 534689388 |
Section loaded | Path: \NLS\NlsSectionLocale Access: read Type: unknown Baseaddress: 280000 Size: 266240 Protection: readonly Mapped to pid: own pid | success or wait | 534689978 |
Section loaded | Path: \NLS\NlsSectionSortkey Access: query and read Type: unknown Baseaddress: 2D0000 Size: 266240 Protection: readonly Mapped to pid: own pid | success or wait | 534690474 |
Section loaded | Path: \NLS\NlsSectionSortTbls Access: read Type: unknown Baseaddress: 320000 Size: 24576 Protection: readonly Mapped to pid: own pid | success or wait | 534690823 |
Section loaded | Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 534691441 |
Section loaded | Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 534691574 |
Process information queried | PID: 784 Info Class: ImageInformation | success or wait | 534692560 |
Memory attributes changed | PID: 784 Path: C:\skhfushjflw\skhfushjflw.exe Base: 400000 Length: 1000 New Protection: page read and write New Protection: page readonly | success or wait | 534746777 |
Memory attributes changed | PID: 784 Path: C:\skhfushjflw\skhfushjflw.exe Base: 400000 Length: 1000 New Protection: page readonly New Protection: page read and write | success or wait | 534747145 |
Memory attributes changed | PID: 784 Path: C:\skhfushjflw\skhfushjflw.exe Base: 45115C Length: 1000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 534747654 |
Memory attributes changed | PID: 784 Path: C:\skhfushjflw\skhfushjflw.exe Base: 464384 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 534747916 |
Memory allocated | PID: 784 Path: C:\skhfushjflw\skhfushjflw.exe Base: 330000 Length: 12FFAC Allocation Type: unknown Protection: page execute and read and write | success or wait | 534748141 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName Name: ComputerName | success or wait | 534748932 |
File created | Path: C:\skhfushjflw\ Access: read data or list directory and synchronize Options: directory file and synchronous io non alert and open for backup ident Attributes: normal Content Overwritten: null | object name collision | 534764265 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | success or wait | 534764796 |
Memory allocated | PID: 784 Path: C:\skhfushjflw\skhfushjflw.exe Base: 330000 Length: 12FC10 Allocation Type: unknown Protection: page execute and read and write | success or wait | 534764991 |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 534766701 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 534767573 |
Section loaded | Path: \KnownDlls\ADVAPI32.dll Access: write and read and execute Type: unknown Baseaddress: 77DD0000 Size: 634880 Protection: read write Mapped to pid: own pid | success or wait | 534769425 |
Section loaded | Path: \KnownDlls\RPCRT4.dll Access: write and read and execute Type: unknown Baseaddress: 77E70000 Size: 602112 Protection: read write Mapped to pid: own pid | success or wait | 534770795 |
Section loaded | Path: \KnownDlls\Secur32.dll Access: write and read and execute Type: unknown Baseaddress: 77FE0000 Size: 69632 Protection: read write Mapped to pid: own pid | success or wait | 534772508 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 534775418 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 534776023 |
Section loaded | Path: \KnownDlls\msvcrt.dll Access: write and read and execute Type: unknown Baseaddress: 77C10000 Size: 360448 Protection: read write Mapped to pid: own pid | success or wait | 534777606 |
Section loaded | Path: \KnownDlls\USER32.dll Access: write and read and execute Type: unknown Baseaddress: 7E410000 Size: 593920 Protection: read write Mapped to pid: own pid | success or wait | 534779358 |
Section loaded | Path: \KnownDlls\GDI32.dll Access: write and read and execute Type: unknown Baseaddress: 77F10000 Size: 299008 Protection: read write Mapped to pid: own pid | success or wait | 534779989 |
Section loaded | Path: \NLS\NlsSectionCType Access: read Type: unknown Baseaddress: 390000 Size: 12288 Protection: readonly Mapped to pid: own pid | success or wait | 534786510 |
Process information queried | PID: 784 Info Class: Cookie | success or wait | 534787661 |
Process information queried | PID: 784 Info Class: Cookie | success or wait | 534787772 |
Section loaded | Path: C:\WINDOWS\system32\imm32.dll Access: write and read and execute Type: commit Baseaddress: 3A0000 Size: 110592 Protection: execute Mapped to pid: own pid | success or wait | 534788715 |
Section loaded | Path: C:\WINDOWS\system32\imm32.dll Access: write and read and execute Type: commit Baseaddress: 3A0000 Size: 110592 Protection: execute Mapped to pid: own pid | success or wait | 534789909 |
Section loaded | Path: C:\WINDOWS\system32\imm32.dll Access: query and write and read and execute Type: image Baseaddress: 76390000 Size: 118784 Protection: read write Mapped to pid: own pid | success or wait | 534790930 |
Section loaded | Path: \KnownDlls\WS2_32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 534798288 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute Type: image Baseaddress: 71AB0000 Size: 94208 Protection: read write Mapped to pid: own pid | success or wait | 534798877 |
Section loaded | Path: \KnownDlls\WS2HELP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 534800672 |
Section loaded | Path: C:\WINDOWS\system32\ws2help.dll Access: query and write and read and execute Type: image Baseaddress: 71AA0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 534801291 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 534803607 |
Section loaded | Path: \KnownDlls\SHLWAPI.dll Access: write and read and execute Type: unknown Baseaddress: 77F60000 Size: 483328 Protection: read write Mapped to pid: own pid | success or wait | 534804795 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 3C0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 534808137 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 534810767 |
Section loaded | Path: \KnownDlls\ole32.dll Access: write and read and execute Type: unknown Baseaddress: 774E0000 Size: 1302528 Protection: read write Mapped to pid: own pid | success or wait | 534812008 |
Section loaded | Path: \KnownDlls\OLEAUT32.dll Access: write and read and execute Type: unknown Baseaddress: 77120000 Size: 569344 Protection: read write Mapped to pid: own pid | success or wait | 534815216 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 534819592 |
Section loaded | Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll Access: write and read and execute Type: commit Baseaddress: 950000 Size: 1056768 Protection: execute Mapped to pid: own pid | success or wait | 534843506 |
Section loaded | Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll Access: query and write and read and execute Type: image Baseaddress: 773D0000 Size: 1060864 Protection: read write Mapped to pid: own pid | success or wait | 534844751 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: write and read and execute Type: commit Baseaddress: 3E0000 Size: 4096 Protection: execute Mapped to pid: own pid | success or wait | 534848880 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: query and read Type: commit Baseaddress: 3E0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 534850310 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: read Type: commit Baseaddress: 3E0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 534851554 |
Section loaded | Path: \KnownDlls\SHELL32.dll Access: write and read and execute Type: unknown Baseaddress: 7C9C0000 Size: 8482816 Protection: read write Mapped to pid: own pid | success or wait | 534890258 |
Section loaded | Path: C:\WINDOWS\system32\shell32.dll Access: read Type: commit Baseaddress: B50000 Size: 8462336 Protection: readonly Mapped to pid: own pid | success or wait | 534894915 |
Section loaded | Path: \KnownDlls\comctl32.dll Access: write and read and execute Type: unknown Baseaddress: 5D090000 Size: 630784 Protection: read write Mapped to pid: own pid | success or wait | 534907338 |
Section loaded | Path: C:\WINDOWS\system32\comctl32.dll Access: read Type: commit Baseaddress: B60000 Size: 618496 Protection: readonly Mapped to pid: own pid | success or wait | 534912018 |
Process information queried | PID: 784 Info Class: SessionInformation | success or wait | 534915245 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | object name not found | 534917215 |
File created | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic write Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 534917678 |
File write | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 534953011 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 534954700 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 534955467 |
Section loaded | Path: \BaseNamedObjects\DBWIN_BUFFER Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 534993699 |
File opened | Path: \pipe\globpluginsuninstallpipe Access: read attributes and synchronize and generic write Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | object name not found | 534993881 |
System info queried | Type: ProcessInformation | success or wait | 534994240 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: B60000 Size: 20480 Protection: read write Mapped to pid: own pid | success or wait | 534996698 |
Memory allocated | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BAD0000 Length: 12F620 Allocation Type: unknown Protection: page execute and read and write | success or wait | 534999641 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 534999751 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 534999877 |
Memory attributes changed | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 534999969 |
Memory written | PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 535011185 |
Process terminated | PID: 784 Path: C:\skhfushjflw\skhfushjflw.exe | success or wait | 535024643 |
Process information queried | PID: 784 Info Class: Cookie | success or wait | 535041728 |
Process information queried | PID: 784 Info Class: Cookie | success or wait | 535041826 |
Sections
File Activities:
Section Activities:
Registry Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 539488505 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 539488614 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 539489065 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 1360000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 539491321 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 539494167 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 539497400 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 539535383 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 539535487 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 539537841 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 539537943 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 539540108 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: write and read and execute Type: commit Baseaddress: 1520000 Size: 299008 Protection: execute Mapped to pid: own pid | success or wait | 539540697 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539542130 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539542507 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d8f5e8 | success or wait | 539542812 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 539542902 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f86e79 | success or wait | 539543773 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 539543863 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 539543970 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11cfa21 | success or wait | 539544179 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 539544266 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169be56 | success or wait | 539544675 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1390000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539544793 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539546688 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539546792 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539546898 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539547239 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d8f5e8 | success or wait | 539547542 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 539547632 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f86e79 | success or wait | 539547766 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 539547854 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 539547959 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11cfa21 | success or wait | 539548166 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 539548253 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169be56 | success or wait | 539548434 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1390000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539548550 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539549510 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539549612 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539549718 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539550057 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d8f5e8 | success or wait | 539550355 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 539550445 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f86e79 | success or wait | 539550579 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 539550667 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 539550773 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11cfa21 | success or wait | 539550982 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 539551069 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169be56 | success or wait | 539551251 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1390000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539551366 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539552323 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539552426 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539552532 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539552870 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d8f5e8 | success or wait | 539553167 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 539553256 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f86e79 | success or wait | 539553389 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 539553477 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 539553583 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11cfa21 | success or wait | 539553792 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 539553879 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169be56 | success or wait | 539554060 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1390000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539554175 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539555131 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539555233 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539555764 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539556127 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d8f5e8 | success or wait | 539556423 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 539556513 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f86e79 | success or wait | 539556646 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 539556734 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 539556840 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11cfa21 | success or wait | 539557047 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 539557134 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169be56 | success or wait | 539557316 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1390000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539557431 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539558863 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539558967 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539559230 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539559591 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14f1b7f | success or wait | 539559901 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 539559997 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@964823 | success or wait | 539560672 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 539560767 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 539560880 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5a12f5 | success or wait | 539561095 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 539561188 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b8f5 | success or wait | 539561376 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: 1390000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 539561498 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539563798 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539563907 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 539564088 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 539564923 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539604692 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539605049 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539605361 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539605454 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539606128 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539606221 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539606332 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539606545 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539606636 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539606823 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539606943 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539609071 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539609174 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539609305 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539609658 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539609967 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539610059 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539610197 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539610288 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539610398 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539610610 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539610701 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539610887 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539611006 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539612604 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539612707 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539612837 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539613189 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539613494 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539613587 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539613724 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539613815 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539613923 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539614135 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539614225 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539614411 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539614530 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539615678 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539615782 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539616316 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539616683 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539616985 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539617078 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539617214 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539617305 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539617414 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539617625 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539617716 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539617901 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539618020 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539619665 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539619770 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 539620023 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 539620386 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539659955 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539661433 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539662002 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539662285 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539662580 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539662795 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539663005 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539663308 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539663463 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539663709 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539663871 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539665145 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539665249 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539665376 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539665732 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539666036 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539666128 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539666265 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539666356 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539666465 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539666676 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539666767 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539666953 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539667071 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539668217 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539668324 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539668453 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539668809 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539669112 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539669205 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539669342 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539669433 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539669541 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539669754 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539669845 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539670031 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539670150 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539672150 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539672257 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539672386 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539672739 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539673045 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539673137 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539673273 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539673364 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539673473 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539673684 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539673775 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539673960 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539674079 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539675775 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539675879 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539676007 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539676363 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539676668 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539676761 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539676897 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539676988 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539677097 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539677309 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539677400 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539677585 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539677704 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539678852 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539678960 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539679088 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539679439 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539679742 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539679835 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539679972 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539680063 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539680172 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539680384 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539680475 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539680661 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539680780 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539681926 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539682030 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539682157 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539682923 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ad0dd8 | success or wait | 539683227 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 539683320 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@67ed13 | success or wait | 539683457 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 539683548 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 539683658 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fd9338 | success or wait | 539683870 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 539683961 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc7e90 | success or wait | 539684147 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 539684266 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539685813 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 539685936 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 539686078 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 539686489 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8920dc | success or wait | 539686803 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 539686906 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cc5819 | success or wait | 539687581 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 539687683 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 539687803 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1abfbc6 | success or wait | 539688025 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 539688126 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1eb84f | success or wait | 539688321 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 539688450 |
Memory attributes changed | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 540590387 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 540591070 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d68b39 | success or wait | 540591428 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 540591531 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14e54d8 | success or wait | 540592218 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 540592320 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 540592440 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a4536d | success or wait | 540592663 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 540592764 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1613fe7 | success or wait | 540592959 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 540593090 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 540595740 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1aa5f9b | success or wait | 540596004 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 540596107 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6abd0b | success or wait | 540596786 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 540596888 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 540597007 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a13f3d | success or wait | 540597230 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 540597330 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13ef605 | success or wait | 540597525 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: 14E0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 540597654 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | success or wait | 540599989 |
Thread created | PID: 576 TID: 120 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\winlogon.exe | success or wait | 540600981 |
Thread resumed | TID: 120 PID: 576 Path: C:\WINDOWS\system32\winlogon.exe | success or wait | 540601637 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 540602082 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 540602207 |
Process information queried | PID: 576 Info Class: Wow64Information | success or wait | 540602574 |
File opened | Path: C:\WINDOWS\system32\ws2_32.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 540602694 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 1A70000 Size: 94208 Protection: readonly Mapped to pid: own pid | image not at base | 540603020 |
Thread created | PID: 576 TID: 540 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\winlogon.exe | success or wait | 540603511 |
Thread resumed | TID: 540 PID: 576 Path: C:\WINDOWS\system32\winlogon.exe | success or wait | 540604531 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 540605259 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 540605467 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | object name not found | 540605783 |
Thread created | PID: 576 TID: 1124 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\winlogon.exe | success or wait | 540605979 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 540606879 |
Thread resumed | TID: 1124 PID: 576 Path: C:\WINDOWS\system32\winlogon.exe | success or wait | 540607530 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: write and read and execute Type: commit Baseaddress: 1A90000 Size: 299008 Protection: execute Mapped to pid: own pid | success or wait | 540608326 |
Section loaded | Path: C:\WINDOWS\system32\mswsock.dll Access: write and read and execute Type: commit Baseaddress: 1520000 Size: 245760 Protection: execute Mapped to pid: own pid | success or wait | 540609701 |
Section loaded | Path: C:\WINDOWS\system32\mswsock.dll Access: query and write and read and execute Type: image Baseaddress: 71A50000 Size: 258048 Protection: read write Mapped to pid: own pid | success or wait | 540620454 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 540656594 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: write and read and execute Type: commit Baseaddress: 1A90000 Size: 299008 Protection: execute Mapped to pid: own pid | success or wait | 540657243 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 540659647 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 540659752 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 540660330 |
Section loaded | Path: \KnownDlls\hnetcfg.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 540660517 |
Section loaded | Path: C:\WINDOWS\system32\hnetcfg.dll Access: query and write and read and execute Type: image Baseaddress: 662B0000 Size: 360448 Protection: read write Mapped to pid: own pid | success or wait | 540661085 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 542090990 |
Section loaded | Path: C:\WINDOWS\system32\wshtcpip.dll Access: write and read and execute Type: commit Baseaddress: A70000 Size: 20480 Protection: execute Mapped to pid: own pid | success or wait | 542101454 |
Section loaded | Path: C:\WINDOWS\system32\wshtcpip.dll Access: query and write and read and execute Type: image Baseaddress: 71A90000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 542105327 |
Process information queried | PID: 576 Info Class: Wow64Information | success or wait | 542113380 |
File opened | Path: C:\WINDOWS\system32\ws2_32.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 542113672 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute and extend size Type: image Baseaddress: A70000 Size: 94208 Protection: readonly Mapped to pid: own pid | image not at base | 542114438 |
Section loaded | Path: \KnownDlls\DNSAPI.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 542116444 |
Section loaded | Path: C:\WINDOWS\system32\dnsapi.dll Access: query and write and read and execute Type: image Baseaddress: 76F20000 Size: 159744 Protection: read write Mapped to pid: own pid | success or wait | 542117890 |
Section loaded | Path: C:\WINDOWS\system32\winrnr.dll Access: write and read and execute Type: commit Baseaddress: A90000 Size: 20480 Protection: execute Mapped to pid: own pid | success or wait | 542204040 |
Section loaded | Path: C:\WINDOWS\system32\winrnr.dll Access: query and write and read and execute Type: image Baseaddress: 76FB0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 542215207 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: WinSock_Registry_Version | success or wait | 542224269 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: AutodialDLL | object name not found | 542225218 |
Section loaded | Path: \KnownDlls\rasadhlp.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 542225979 |
Section loaded | Path: C:\WINDOWS\system32\rasadhlp.dll Access: query and write and read and execute Type: image Baseaddress: 76FC0000 Size: 24576 Protection: read write Mapped to pid: own pid | success or wait | 542227268 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 543549201 |
Process information queried | PID: 576 Info Class: Wow64Information | success or wait | 543598027 |
File opened | Path: C:\WINDOWS\system32\ws2_32.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 543646496 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute and extend size Type: image Baseaddress: A70000 Size: 94208 Protection: readonly Mapped to pid: own pid | image not at base | 543649123 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 548285295 |
Process information queried | PID: 576 Info Class: Wow64Information | success or wait | 548305713 |
File opened | Path: C:\WINDOWS\system32\ws2_32.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 548306486 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute and extend size Type: image Baseaddress: A70000 Size: 94208 Protection: readonly Mapped to pid: own pid | image not at base | 548307326 |
Process information queried | PID: 576 Info Class: Wow64Information | success or wait | 548756827 |
File opened | Path: C:\WINDOWS\system32\ws2_32.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 548758004 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute and extend size Type: image Baseaddress: A70000 Size: 94208 Protection: readonly Mapped to pid: own pid | image not at base | 548758816 |
Key created | Path: HKEY_USERS\SOFTWARE\Microsoft Windows | success or wait | 549297392 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 549317309 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: write and read and execute Type: commit Baseaddress: 1A70000 Size: 299008 Protection: execute Mapped to pid: own pid | success or wait | 549320379 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 550477097 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 551737020 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 553159133 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 554557279 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 556143813 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 558057078 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 559428743 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 563797797 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 564879318 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 566010949 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 567736607 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 568860273 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 570241788 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 571888785 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 573049495 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 574481217 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 575658223 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 576732309 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 578411783 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 580085094 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 582419109 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 583830742 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 585037225 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 586636149 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 587746855 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 588867075 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 589985691 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 591104422 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 592222867 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 593341338 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 594647336 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 596041426 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 597143729 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 598274549 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 599578183 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 600672499 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 601793914 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 602914561 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 604210741 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 605417899 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 606487258 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 607605335 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 608744128 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 609842267 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 610958591 |
Thread delayed | Time: 0 TID: 1124 | success or wait | 612078233 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 628296230 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: write and read and execute Type: commit Baseaddress: 14E0000 Size: 299008 Protection: execute Mapped to pid: own pid | success or wait | 628299650 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 671756637 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | success or wait | 671757513 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 671758032 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 671780441 |
Memory allocated | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: BF0000 Length: 159FF08 Allocation Type: unknown Protection: page execute and read and write | success or wait | 672750683 |
Memory allocated | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: A70000 Length: 159FE54 Allocation Type: unknown Protection: page read and write | success or wait | 672760359 |
Memory allocated | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: A70000 Length: 159FE58 Allocation Type: unknown Protection: page read and write | success or wait | 672760662 |
Memory allocated | PID: 576 Path: C:\WINDOWS\system32\winlogon.exe Base: A71000 Length: 159FB34 Allocation Type: unknown Protection: page read and write | success or wait | 672761052 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672761550 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672761952 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672762234 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672762515 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672762792 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672763069 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672763348 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672763696 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672764014 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672765158 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672765431 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672765699 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672765967 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672766235 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672766502 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672766770 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672767037 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672767305 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672767572 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672767850 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672768245 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672768531 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672768818 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672769103 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672769437 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672769737 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672770036 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672770334 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672770642 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672770941 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672771240 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672771537 |
Process information queried | PID: 576 Info Class: Cookie | success or wait | 672771839 |
Thread created | PID: 576 TID: 4012 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\winlogon.exe | success or wait | 672876738 |
Thread resumed | TID: 4012 PID: 576 Path: C:\WINDOWS\system32\winlogon.exe | success or wait | 672884645 |
Thread created | PID: 576 TID: 4004 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\winlogon.exe | success or wait | 672886459 |
Thread resumed | TID: 4004 PID: 576 Path: C:\WINDOWS\system32\winlogon.exe | success or wait | 672887177 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: write and read and execute Type: commit Baseaddress: 1A70000 Size: 299008 Protection: execute Mapped to pid: own pid | success or wait | 672910492 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: write and read and execute Type: commit Baseaddress: 1A70000 Size: 299008 Protection: execute Mapped to pid: own pid | success or wait | 757199284 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 794632943 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | success or wait | 794633612 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 794634146 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 794645673 |
Sections |
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 540623893 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: A70000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 540627041 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 540630017 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 540633612 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 548281923 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 548291039 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1427e6e | success or wait | 548299750 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 548301867 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7a8313 | success or wait | 548302882 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 548304265 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 548305545 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133650d | success or wait | 548306347 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 548307196 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12f5f0d | success or wait | 548308123 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 548745411 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 548760072 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 548763726 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 548764724 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 549295445 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1427e6e | success or wait | 549296790 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 549300871 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7a8313 | success or wait | 549305847 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 549314348 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 549315750 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133650d | success or wait | 549317382 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 549319181 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12f5f0d | success or wait | 549320612 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 549321989 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550488489 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550514971 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550518618 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 550530134 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1427e6e | success or wait | 550556231 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 550559529 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7a8313 | success or wait | 550563273 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 550566245 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 550569216 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133650d | success or wait | 550582815 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 550585930 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12f5f0d | success or wait | 550589047 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 550593040 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550624578 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550629111 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550632070 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 551747009 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1427e6e | success or wait | 551769996 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 551789252 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7a8313 | success or wait | 551795596 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 551799364 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 551806718 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133650d | success or wait | 551812333 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 551816651 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12f5f0d | success or wait | 551834523 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 551839196 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 553176524 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 553178196 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 553180063 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 553185470 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1427e6e | success or wait | 553188479 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 554150397 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7a8313 | success or wait | 554152466 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 554155485 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 554169533 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133650d | success or wait | 554172372 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 554180631 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12f5f0d | success or wait | 554182392 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 554183793 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554558191 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554561087 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 554562621 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 554575477 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1095c6c | success or wait | 554577625 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 554581022 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192d8d6 | success or wait | 554586564 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 554588511 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 554592089 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d9d7be | success or wait | 555051935 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 555053942 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e31ec5 | success or wait | 555056461 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 555058548 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555092815 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555094529 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 555096473 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 555397242 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 555461767 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 555472305 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 555485199 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 555508294 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 556142851 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 556145849 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 556147638 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 556149992 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 556160677 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 556163598 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 556165735 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556747612 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556749923 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 556752620 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 556770571 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 556784480 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 556786628 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 556799164 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 556802744 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 556806985 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 556810091 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 556812550 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 556814625 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 556817268 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556891443 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556894389 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 556914527 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 556927346 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 556931845 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 556934646 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 556949230 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 556951543 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 556953938 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 558052354 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 558057412 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 558071582 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558074968 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558152817 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558156153 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 558159071 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 558172998 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 558190192 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 558193152 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 558196420 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 558210828 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 558213263 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 558216110 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 558226057 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 558228591 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558239081 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558256808 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558258972 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 559406910 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 559438907 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 559719682 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 559759535 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 559777668 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 559787272 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 559816334 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 559849342 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 559857526 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 559866368 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 559896966 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 559904527 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559913451 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563835584 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563847088 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 563849967 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 563858262 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 563861004 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 563878383 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 563884073 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 563898573 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 563973318 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 563977756 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 563983287 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 563985904 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564029343 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564109011 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564112088 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564162827 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564183305 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 564199721 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564202993 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 564207068 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 564210105 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 564224211 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 564265492 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 564270808 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 564285006 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564288389 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564323972 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564349168 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564352510 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564531466 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 564545589 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564563100 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 564581866 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 564593995 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 564677554 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 564690504 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 564699942 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 564714779 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564733979 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564802864 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564811059 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564839212 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564885675 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 565727371 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 565743659 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 565758397 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 565766509 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 565773708 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 565781420 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 565788498 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 565799902 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 565808537 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566014920 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566022402 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 566051911 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 566237382 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 566512528 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 566540054 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 566653293 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 566669191 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 566711455 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 566740716 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 566748808 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 566757968 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566764971 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567851830 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567864557 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 567871660 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 568039542 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f94934 | success or wait | 568053683 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568064650 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3525a2 | success or wait | 568072672 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568091085 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568100640 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139cf9c | success or wait | 568119896 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568141130 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6d3ca2 | success or wait | 568154313 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568169529 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568376539 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568621976 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568630786 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 568656602 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a7bd3b | success or wait | 568669473 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 568683317 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@178aae2 | success or wait | 568691002 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568703214 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 568712428 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11b16a7 | success or wait | 568755019 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 568764708 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16c6b08 | success or wait | 568772615 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 568780790 |
Memory attributes changed | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568941163 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 569160564 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e6e42e | success or wait | 569170298 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 569177880 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8ea21d | success or wait | 569188003 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 569195195 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 569203162 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@354949 | success or wait | 569210432 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 569218463 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5e88f7 | success or wait | 569226191 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: AA0000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 569255695 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@723646 | success or wait | 569779069 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 569792443 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@492ff1 | success or wait | 570228573 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 570242413 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 570254201 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@eaabad | success or wait | 570262982 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 570270542 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ad1355 | success or wait | 570278966 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: AF0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 570292042 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 570662805 |
Thread created | PID: 676 TID: 3404 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\lsass.exe | success or wait | 570913815 |
Thread resumed | TID: 3404 PID: 676 Path: C:\WINDOWS\system32\lsass.exe | success or wait | 571024347 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | object name not found | 571030685 |
Thread created | PID: 676 TID: 3408 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\lsass.exe | success or wait | 571061926 |
Thread resumed | TID: 3408 PID: 676 Path: C:\WINDOWS\system32\lsass.exe | success or wait | 571065574 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 571067593 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 572147349 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 573264881 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 574481985 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 575658661 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 576732753 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 578412221 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 580085620 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 582419551 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 583831185 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 585037663 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 586636309 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 587747176 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 588867878 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 589986513 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 591105266 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 592223708 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 593342192 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 594647776 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 596041867 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 597143889 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 598274703 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 599578342 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 600672696 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 601794106 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 602914752 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 604210901 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 605418053 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 606487699 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 607605731 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 608744527 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 609842557 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 610958875 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 612078970 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 613198289 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 614319262 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 615435233 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 616553714 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 617675321 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 618790966 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 619917549 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 621028091 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 622147314 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 623265329 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 624386630 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 625502585 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 626624095 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 627739901 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 628862730 |
Thread delayed | Time: 0 TID: 3408 | success or wait | 629977755 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 644339404 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 654516893 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 692341371 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | success or wait | 692343976 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 692344477 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 694111232 |
Memory allocated | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: A30000 Length: CAFF08 Allocation Type: unknown Protection: page execute and read and write | success or wait | 694288898 |
Memory allocated | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: AA0000 Length: CAFE54 Allocation Type: unknown Protection: page read and write | success or wait | 694302411 |
Memory allocated | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: AA0000 Length: CAFE58 Allocation Type: unknown Protection: page read and write | success or wait | 694302686 |
Memory allocated | PID: 676 Path: C:\WINDOWS\system32\lsass.exe Base: AA1000 Length: CAFB34 Allocation Type: unknown Protection: page read and write | success or wait | 694303053 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694303527 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694303834 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694304088 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694304339 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694304647 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694304900 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694305151 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694305471 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694305803 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694306875 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694307122 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694307364 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694307518 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694307760 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694308001 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694308243 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694308509 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694308756 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694308998 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694309250 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694309546 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694309803 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694310061 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694310319 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694310713 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694310986 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694311258 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694311526 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694311806 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694312076 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694312345 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694312613 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694312886 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694313154 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694313423 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694313692 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694313964 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694314233 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694314502 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694314771 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694315043 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694315312 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694315581 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694315850 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694316123 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694316392 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694316661 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694316930 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694317201 |
Process information queried | PID: 676 Info Class: Cookie | success or wait | 694317470 |
Thread created | PID: 676 TID: 2436 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\lsass.exe | success or wait | 694407982 |
Thread resumed | TID: 2436 PID: 676 Path: C:\WINDOWS\system32\lsass.exe | success or wait | 694408742 |
Thread created | PID: 676 TID: 2440 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\lsass.exe | success or wait | 694410370 |
Thread resumed | TID: 2440 PID: 676 Path: C:\WINDOWS\system32\lsass.exe | success or wait | 694411005 |
Thread resumed | TID: 2312 PID: 676 Path: C:\WINDOWS\system32\lsass.exe | success or wait | 759110963 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759126404 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759126643 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759126855 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759127052 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759147520 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759148092 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759148868 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759150918 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759151108 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759153065 |
Section loaded | Path: C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-507921405-1960408961-839522115-500\3451b0ec-3405-40b2-a0c3-2aff95c811f5 Access: query and read Type: commit Baseaddress: CD0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 759159257 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759162867 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759163113 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759163328 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759163548 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759180536 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759181123 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759181714 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759183793 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759183998 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759186066 |
Section loaded | Path: C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Access: query and read Type: commit Baseaddress: CD0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 759188805 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759275344 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759275892 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759276096 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759276294 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759292869 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759293434 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759294027 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759296031 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759296221 |
Process information queried | PID: 676 Info Class: DefaultHardErrorMode | success or wait | 759298189 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 813594293 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | success or wait | 813594952 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 813595472 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 813605833 |
Sections | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
File Activities:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 542208800 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: EF0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 548306287 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 549325893 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 550627799 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 555440317 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 555461520 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4e23c3 | success or wait | 555465618 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 555469975 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@df416 | success or wait | 555472774 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 555485967 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 556140688 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13d99c | success or wait | 556145132 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 556147272 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133badd | success or wait | 556159228 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 556162270 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556744679 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556748432 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556751137 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 556768354 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4e23c3 | success or wait | 556784038 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 556786568 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@df416 | success or wait | 556799271 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 556802908 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 556808602 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13d99c | success or wait | 556811664 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 556813898 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133badd | success or wait | 556817480 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 556820308 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556914860 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556920058 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556923446 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 556936202 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4e23c3 | success or wait | 556950572 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 556952898 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@df416 | success or wait | 558050909 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 558057300 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 558072468 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13d99c | success or wait | 558075841 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 558086771 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133badd | success or wait | 558127805 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558132614 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558172325 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558190127 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558193304 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 558215063 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4e23c3 | success or wait | 558225057 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 558228086 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@df416 | success or wait | 558237086 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 558240741 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 558243271 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13d99c | success or wait | 558245718 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 558248409 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133badd | success or wait | 558252400 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558254814 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559581650 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559605928 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 559640564 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 559667808 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4e23c3 | success or wait | 559675710 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 559685895 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@df416 | success or wait | 559696501 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 559704145 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 559717797 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13d99c | success or wait | 559723699 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 559751205 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@133badd | success or wait | 559760187 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559778386 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559914114 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559922757 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 559929827 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1310e0a | success or wait | 563836873 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 563848344 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@190efa8 | success or wait | 563851689 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 563854149 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 563858151 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@661a11 | success or wait | 563861118 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 563878681 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1397218 | success or wait | 563895622 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: F20000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 563911541 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564059706 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564071293 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 564111201 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564200708 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564214442 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 564229159 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564269550 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 564286389 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 564289474 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 564292050 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 564295207 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 564299690 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 564304884 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564308516 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564546665 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564564225 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564591990 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564702582 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 564717560 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564743047 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 564751620 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 564763385 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 564771895 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 564780328 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 564790785 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 564799968 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564808820 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565758594 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565767012 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 565776655 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 565807152 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 565917357 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 565927514 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 565957945 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 565969811 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 565979338 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 566009950 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 566017454 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 566046544 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566056808 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566714143 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566743289 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 566753032 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 567735378 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 567777414 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 567786572 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 567835662 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 567847929 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 567863989 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 567872525 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 567919187 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 567929000 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568048974 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568154514 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568171049 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 568221119 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568710310 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 568773684 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 568782308 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568795261 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 568836314 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568856456 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568872791 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 568887231 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568942520 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 568952317 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569014121 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569205038 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569212289 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569221102 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 569274478 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 569283592 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 569293859 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 569303830 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569314666 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569330442 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 569342762 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 569410953 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 569606051 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569730560 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570277390 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570290803 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 570308372 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 570344518 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 570409215 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 570419613 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 570524311 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 570658972 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 570673975 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 570885305 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 570896700 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 570904894 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570916463 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571070198 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571074370 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571088804 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 571110897 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 571116488 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571119170 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 571122026 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571128047 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571131529 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 571135499 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571146581 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 571155268 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571163012 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571218638 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571275841 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571288031 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 571897312 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 571904631 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571908507 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 571914117 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571917949 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571933425 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 571936403 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571975976 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 571979921 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571982887 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572017352 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572057754 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572061318 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 572083441 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 572087217 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572090387 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 572093272 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572100832 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572104860 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 572107428 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572121873 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 572125912 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572128426 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572192680 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572194670 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572197548 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 572207002 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7196b2 | success or wait | 572212865 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572215136 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ca232 | success or wait | 572217391 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572219941 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572223794 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c98e8 | success or wait | 572226067 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572263679 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fade06 | success or wait | 572266723 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572281051 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572626770 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572638285 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572676876 |
File opened | Path: c:\windows\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 572692581 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6846c | success or wait | 572697956 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 572700231 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dfeb30 | success or wait | 572713526 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 572717608 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 572720052 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c9b6eb | success or wait | 572722217 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 572726548 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@817d6 | success or wait | 573046693 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: F20000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 573049953 |
Memory attributes changed | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573108581 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 573134465 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154fc43 | success or wait | 573137202 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 573139242 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7dac02 | success or wait | 573154704 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 573157351 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 573160613 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a7d968 | success or wait | 573162943 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 573201134 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2601c | success or wait | 573204209 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: F20000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 573206501 |
File opened | Path: c:\windows\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 573279458 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c3d029 | success or wait | 573283722 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 573288629 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@974e4b | success or wait | 573302329 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 573304498 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 573306850 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1955dd4 | success or wait | 573309078 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 573363009 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14322ba | success or wait | 573369734 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: F80000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 573377145 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 573444124 |
Thread created | PID: 836 TID: 3780 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 573497465 |
Thread resumed | TID: 3780 PID: 836 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 573545932 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | object name not found | 573558465 |
Thread created | PID: 836 TID: 3800 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 573600706 |
Thread resumed | TID: 3800 PID: 836 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 573611389 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 573615074 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 574804151 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 576042437 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 577182350 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 578412662 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 580086066 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 582419996 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 583831626 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 585038106 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 586636470 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 587747506 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 588868690 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 589987340 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 591106202 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 592224562 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 593343066 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 594648218 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 596042309 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 597144049 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 598274858 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 599578502 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 600672888 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 601794288 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 602914934 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 604211061 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 605418208 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 606488142 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 607606128 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 608744927 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 609842855 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 610959161 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 612079720 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 613199138 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 614320072 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 615436091 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 616554519 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 617676133 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 618791794 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 619918400 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 621028902 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 622148143 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 623266138 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 624387440 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 625503406 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 626625033 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 627740751 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 628863543 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 629978583 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 631096855 |
Thread delayed | Time: 0 TID: 3800 | success or wait | 632214970 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: query and write and read and execute and extend size Type: image Baseaddress: F80000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 639570133 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 2510000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 639576912 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639583954 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639586225 |
Process information queried | PID: 836 Info Class: DeviceMap | success or wait | 639586622 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639606194 |
Section loaded | Path: C:\WINDOWS\system32\ir50_qcx.dll Access: write and read and execute Type: commit Baseaddress: EB0000 Size: 184320 Protection: execute Mapped to pid: own pid | success or wait | 639608113 |
Section loaded | Path: C:\WINDOWS\system32\ir50_qcx.dll Access: query and read Type: commit Baseaddress: EB0000 Size: 184320 Protection: readonly Mapped to pid: own pid | success or wait | 639614009 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639617145 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639620880 |
Section loaded | Path: C:\WINDOWS\system32\ir50_qcx.dll Access: write and read and execute Type: commit Baseaddress: EB0000 Size: 184320 Protection: execute Mapped to pid: own pid | success or wait | 639622740 |
Section loaded | Path: C:\WINDOWS\system32\ir50_qcx.dll Access: query and read Type: commit Baseaddress: EB0000 Size: 184320 Protection: readonly Mapped to pid: own pid | success or wait | 639626318 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639629353 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639631942 |
Section loaded | Path: C:\WINDOWS\system32\ir50_qc.dll Access: write and read and execute Type: commit Baseaddress: EB0000 Size: 200704 Protection: execute Mapped to pid: own pid | success or wait | 639633794 |
Section loaded | Path: C:\WINDOWS\system32\ir50_qc.dll Access: query and read Type: commit Baseaddress: EB0000 Size: 200704 Protection: readonly Mapped to pid: own pid | success or wait | 639639186 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639642229 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639646026 |
Section loaded | Path: C:\WINDOWS\system32\ir50_qc.dll Access: write and read and execute Type: commit Baseaddress: EB0000 Size: 200704 Protection: execute Mapped to pid: own pid | success or wait | 639648199 |
Section loaded | Path: C:\WINDOWS\system32\ir50_qc.dll Access: query and read Type: commit Baseaddress: EB0000 Size: 200704 Protection: readonly Mapped to pid: own pid | success or wait | 639652387 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639655639 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639658119 |
Section loaded | Path: C:\WINDOWS\system32\ir50_32.dll Access: write and read and execute Type: commit Baseaddress: 2640000 Size: 757760 Protection: execute Mapped to pid: own pid | success or wait | 639659970 |
Section loaded | Path: C:\WINDOWS\system32\ir50_32.dll Access: query and read Type: commit Baseaddress: 2640000 Size: 757760 Protection: readonly Mapped to pid: own pid | success or wait | 639665481 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639668543 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639674758 |
Section loaded | Path: C:\WINDOWS\system32\ir50_32.dll Access: write and read and execute Type: commit Baseaddress: 2640000 Size: 757760 Protection: execute Mapped to pid: own pid | success or wait | 639676613 |
Section loaded | Path: C:\WINDOWS\system32\ir50_32.dll Access: query and read Type: commit Baseaddress: 2640000 Size: 757760 Protection: readonly Mapped to pid: own pid | success or wait | 639680207 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639683558 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639689115 |
Section loaded | Path: C:\WINDOWS\system32\ir41_qcx.dll Access: write and read and execute Type: commit Baseaddress: 2640000 Size: 339968 Protection: execute Mapped to pid: own pid | success or wait | 639690976 |
Section loaded | Path: C:\WINDOWS\system32\ir41_qcx.dll Access: query and read Type: commit Baseaddress: 2640000 Size: 339968 Protection: readonly Mapped to pid: own pid | success or wait | 639696402 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639699469 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639703878 |
Section loaded | Path: C:\WINDOWS\system32\ir41_qcx.dll Access: write and read and execute Type: commit Baseaddress: 2640000 Size: 339968 Protection: execute Mapped to pid: own pid | success or wait | 639708880 |
Section loaded | Path: C:\WINDOWS\system32\ir41_qcx.dll Access: query and read Type: commit Baseaddress: 2640000 Size: 339968 Protection: readonly Mapped to pid: own pid | success or wait | 639712637 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639715717 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639718840 |
Section loaded | Path: C:\WINDOWS\system32\ir41_qc.dll Access: write and read and execute Type: commit Baseaddress: EB0000 Size: 122880 Protection: execute Mapped to pid: own pid | success or wait | 639720895 |
Section loaded | Path: C:\WINDOWS\system32\ir41_qc.dll Access: query and read Type: commit Baseaddress: EB0000 Size: 122880 Protection: readonly Mapped to pid: own pid | success or wait | 639726121 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639729190 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639732635 |
Section loaded | Path: C:\WINDOWS\system32\ir41_qc.dll Access: write and read and execute Type: commit Baseaddress: EB0000 Size: 122880 Protection: execute Mapped to pid: own pid | success or wait | 639734513 |
Section loaded | Path: C:\WINDOWS\system32\ir41_qc.dll Access: query and read Type: commit Baseaddress: EB0000 Size: 122880 Protection: readonly Mapped to pid: own pid | success or wait | 639738177 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639741236 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639743502 |
Section loaded | Path: C:\WINDOWS\system32\ir41_32.ax Access: write and read and execute Type: commit Baseaddress: 2640000 Size: 851968 Protection: execute Mapped to pid: own pid | success or wait | 639745350 |
Section loaded | Path: C:\WINDOWS\system32\ir41_32.ax Access: query and read Type: commit Baseaddress: 2640000 Size: 851968 Protection: readonly Mapped to pid: own pid | success or wait | 639750762 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639754105 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639760429 |
Section loaded | Path: C:\WINDOWS\system32\ir41_32.ax Access: write and read and execute Type: commit Baseaddress: 2640000 Size: 851968 Protection: execute Mapped to pid: own pid | success or wait | 639762659 |
Section loaded | Path: C:\WINDOWS\system32\ir41_32.ax Access: query and read Type: commit Baseaddress: 2640000 Size: 851968 Protection: readonly Mapped to pid: own pid | success or wait | 639766253 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639769302 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639773363 |
Section loaded | Path: C:\WINDOWS\system32\ir32_32.dll Access: write and read and execute Type: commit Baseaddress: EB0000 Size: 200704 Protection: execute Mapped to pid: own pid | success or wait | 639775218 |
Section loaded | Path: C:\WINDOWS\system32\ir32_32.dll Access: query and read Type: commit Baseaddress: EB0000 Size: 200704 Protection: readonly Mapped to pid: own pid | success or wait | 639780609 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639783718 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639787540 |
Section loaded | Path: C:\WINDOWS\system32\ir32_32.dll Access: write and read and execute Type: commit Baseaddress: EB0000 Size: 200704 Protection: execute Mapped to pid: own pid | success or wait | 639789682 |
Section loaded | Path: C:\WINDOWS\system32\ir32_32.dll Access: query and read Type: commit Baseaddress: EB0000 Size: 200704 Protection: readonly Mapped to pid: own pid | success or wait | 639793298 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639796337 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639799511 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: write and read and execute Type: commit Baseaddress: 2640000 Size: 638976 Protection: execute Mapped to pid: own pid | success or wait | 639801402 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: query and read Type: commit Baseaddress: 2640000 Size: 638976 Protection: readonly Mapped to pid: own pid | success or wait | 639806815 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639809882 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639820299 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: write and read and execute Type: commit Baseaddress: 2640000 Size: 638976 Protection: execute Mapped to pid: own pid | success or wait | 639822213 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: query and read Type: commit Baseaddress: 2640000 Size: 638976 Protection: readonly Mapped to pid: own pid | success or wait | 639825876 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639829307 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639837688 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639839966 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639896712 |
Process information queried | PID: 836 Info Class: DefaultHardErrorMode | success or wait | 639899262 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: query and read Type: commit Baseaddress: 2510000 Size: 638976 Protection: readonly Mapped to pid: own pid | success or wait | 639899751 |
Process created | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Cmdline: C:\Program Files\Internet Explorer\IEXPLORE.EXE -Embedding Createflags: none | success or wait | 639907551 |
Process information queried | PID: 2472 Info Class: BasicInformation | success or wait | 639910230 |
Process information queried | PID: 2472 Info Class: BasicInformation | success or wait | 639919659 |
Process information queried | PID: 2472 Info Class: ImageFileName | success or wait | 640940347 |
Process information queried | PID: 836 Info Class: DeviceMap | success or wait | 640941105 |
Process information queried | PID: 836 Info Class: DeviceMap | success or wait | 640941592 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7FFDF000 Length: 2860 Value: FF FF FF FF 00 00 14 00 00 20 13 00 00 00 00 00 00 1E 00 00 00 00 00 00 00 F0 FD 7F 00 00 00 00 A8 09 00 00 AC 09 00 00 00 00 00 00 00 00 00 00 00 D0 FD 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 640942909 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7FFDD000 Length: 488 Value: 00 00 00 00 FF FF FF FF 00 00 40 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FB 7F 00 10 FC 7F 00 20 FD 7F 01 00 00 00 00 00 00 00 00 00 00 00 00 80 9B 07 6D E8 FF FF 00 00 10 00 00 20 00 00 00 00 01 00 00 10 00 00 00 00 00 00 7C 03 00 00 10 D2 FD 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 28 0A 00 03 02 00 00 00 02 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait | 640946949 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 40003C Length: 4 Value: E0 00 00 00 | success or wait | 640947949 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 4000F8 Length: 24 Value: 0B 01 08 00 00 A0 00 00 00 04 09 00 00 00 00 00 25 1A 00 00 00 10 00 00 | success or wait | 640948333 |
Memory allocated | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAD0000 Length: ADF3F8 Allocation Type: unknown Protection: page execute and read and write | success or wait | 640949114 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 640949531 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 640949981 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAD0000 Length: 4D000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 640950400 |
Memory written | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAD0000 Length: 315392 Value: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 02 00 9B 20 34 4D 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 8C 04 00 00 22 00 00 00 00 00 00 72 44 02 00 00 10 00 | success or wait | 640969655 |
Memory read | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 401A25 Length: 5 Value: E8 87 FD FF FF | success or wait | 640973067 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAFC520 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 640975044 |
Memory written | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAFC520 Length: 417 Value: 25 1A 40 00 AF 4A AF 0B E8 87 FD FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 40 00 00 00 00 00 E9 85 30 6F 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73 5C 49 6E 74 65 72 6E 65 74 20 45 78 70 6C 6F 72 65 72 5C 69 65 78 70 6C 6F 72 65 2E 65 78 65 00 78 70 6C 6F 72 65 72 5C 69 65 78 70 6C 6F 72 65 2E 65 78 65 00 2C 15 00 00 00 00 00 F9 8B 00 00 00 00 00 00 FF FF FF FF FF FF FF 7F 01 00 00 00 02 00 00 00 F4 01 00 00 98 01 | success or wait | 640990897 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 401A25 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 640991734 |
Memory written | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 401A25 Length: 5 Value: E9 85 30 6F 0B | success or wait | 641006537 |
Thread resumed | TID: 2476 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 641007288 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 695413456 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | pipe not available | 695432791 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 696129647 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 697683058 |
Memory allocated | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: F80000 Length: FFFF08 Allocation Type: unknown Protection: page execute and read and write | success or wait | 697829464 |
Memory allocated | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: EC0000 Length: FFFE54 Allocation Type: unknown Protection: page read and write | success or wait | 697879165 |
Memory allocated | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: EC0000 Length: FFFE58 Allocation Type: unknown Protection: page read and write | success or wait | 697881100 |
Memory allocated | PID: 836 Path: C:\WINDOWS\system32\svchost.exe Base: EC1000 Length: FFFB34 Allocation Type: unknown Protection: page read and write | success or wait | 697882612 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697884156 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697884924 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697885583 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697886310 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697887723 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697889326 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697891947 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697893106 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697894598 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697953885 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697954743 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697955702 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697956055 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697956166 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697956276 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697956387 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697956483 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697956580 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697956677 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697956778 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697956921 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957023 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957127 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957230 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957354 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957462 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957571 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957678 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957758 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957866 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697957974 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697958082 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697958192 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697958299 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697958407 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697958515 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697958625 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697958743 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697958855 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697958963 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697959073 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697959180 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697959288 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697959396 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697959504 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697959611 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697959719 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697959827 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697959936 |
Process information queried | PID: 836 Info Class: Cookie | success or wait | 697960043 |
Thread created | PID: 836 TID: 2720 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 697995943 |
Thread resumed | TID: 2720 PID: 836 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 697996230 |
Thread created | PID: 836 TID: 2768 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 697996906 |
Thread resumed | TID: 2768 PID: 836 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 697997166 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 816721141 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 816725905 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 816743674 |
Sections | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
File Activities:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section Activities:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Mutant Activities:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 543592425 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 543653695 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 548308432 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 548757701 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 550486690 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: BF0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 550616380 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 553177771 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 554577075 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 556923052 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1eacdc4 | success or wait | 556951484 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 556954207 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6b29e6 | success or wait | 558053790 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 558069360 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 558073652 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@18bea70 | success or wait | 558077392 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 558090420 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cca07b | success or wait | 558132324 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558134990 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558173414 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558191562 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558194301 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1eacdc4 | success or wait | 558225413 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 558228342 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6b29e6 | success or wait | 558238711 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 558241023 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 558244870 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@18bea70 | success or wait | 558247765 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 558250748 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cca07b | success or wait | 558253984 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558256567 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559601528 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559637913 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559646482 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1eacdc4 | success or wait | 559678259 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 559692154 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6b29e6 | success or wait | 559700247 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 559711642 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 559723064 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@18bea70 | success or wait | 559749848 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 559757740 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cca07b | success or wait | 559764244 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559785247 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559917387 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559923474 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559930944 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1eacdc4 | success or wait | 563835732 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 563847632 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6b29e6 | success or wait | 563850830 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 563853264 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 563857133 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@18bea70 | success or wait | 563860094 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 563876150 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cca07b | success or wait | 563884137 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 563898673 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564058641 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564069566 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564073243 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1eacdc4 | success or wait | 564162610 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564166877 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6b29e6 | success or wait | 564180837 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564184531 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564201926 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@18bea70 | success or wait | 564206519 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564209590 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cca07b | success or wait | 564225054 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564266099 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564304940 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564308814 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564323244 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3c0965 | success or wait | 564532860 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 564547297 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@18cef0a | success or wait | 564564507 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564583980 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 564630438 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a18493 | success or wait | 564683939 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 564693278 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@106fbd7 | success or wait | 564705288 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: D60000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 564720145 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564803080 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564815659 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 564844144 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 564890163 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 565800514 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 565930184 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 565960344 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 565974736 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 566003368 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 566013745 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 566024238 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 566053148 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 566061575 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 566210067 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566267348 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566759419 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566767742 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 567684002 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 567786831 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 567836588 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 567857540 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 567866845 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 567875305 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 567922187 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 567933398 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568051393 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 568062638 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568071312 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568183451 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568214236 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568223552 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 568375637 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 568622847 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568631464 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 568639656 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568652836 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568661979 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 568675141 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568690547 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 568703500 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568713349 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568861981 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568883585 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568932956 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 569018198 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 569046846 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 569163072 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 569171838 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569180823 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569190590 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 569198293 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 569206721 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 569220170 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569228291 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569320588 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569335004 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 569366680 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 569611793 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 570408862 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 570557257 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 570670935 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 570883249 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 570896006 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 570904128 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 570915727 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 571027071 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571038000 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 571043633 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571049610 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571105529 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571108572 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571112226 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 571121548 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 571124821 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571128183 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 571131737 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571136603 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571144896 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 571154206 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571161919 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 571169738 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571177504 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571881174 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571890219 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571895462 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 571910390 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 571915225 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571931069 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 571934135 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571973054 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571976462 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 571980810 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571983947 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 571986903 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571989722 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572075645 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572078303 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572081330 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 572091069 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 572095754 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572100973 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 572105182 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572107786 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572110511 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 572123903 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572127913 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 572129911 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572132403 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572198021 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572200466 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572203048 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 572215648 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 572218048 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572220638 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 572224145 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572226566 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572264031 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 572267160 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572281400 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 572294757 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572297344 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572678661 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572683023 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572688154 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 572700780 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 572714256 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572717084 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 572719769 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572721991 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572724162 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 572739190 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573049659 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 573054484 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573057593 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573111940 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573127883 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573130130 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 573138188 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ff759 | success or wait | 573154582 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573156756 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6c6ea | success or wait | 573160032 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573162818 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573200770 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9d3f8b | success or wait | 573203264 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573206600 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6c732 | success or wait | 573208905 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: D60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573211828 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573271350 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573274932 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573277495 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cfc659 | success or wait | 573302558 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 573304707 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e707bb | success or wait | 573307117 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 573309237 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 573363377 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1acb189 | success or wait | 573370086 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 573378462 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bb9f5b | success or wait | 573386531 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: D60000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 573395021 |
Memory attributes changed | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573466557 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 573499094 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1db4c43 | success or wait | 573546695 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 573552798 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bcef1 | success or wait | 573559152 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 573585683 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 573593697 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1df503b | success or wait | 573601133 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 573607560 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c5dbb | success or wait | 573613621 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: D60000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 573618935 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 574527817 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ddc3ea | success or wait | 574553706 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 574568228 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6963b0 | success or wait | 574573403 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 574578314 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 574605653 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10fe215 | success or wait | 574612249 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 574618110 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c3d34b | success or wait | 574625544 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: D60000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 574631175 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 574830967 |
Thread created | PID: 912 TID: 3888 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 574898179 |
Thread resumed | TID: 3888 PID: 912 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 574906382 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | object name not found | 574910291 |
Thread created | PID: 912 TID: 3908 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 574959034 |
Thread resumed | TID: 3908 PID: 912 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 574965686 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 574969762 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 576716684 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 578410761 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 580084067 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 582418074 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 583829452 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 585036200 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 586635763 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 587746127 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 588865227 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 589983807 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 591102479 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 592220842 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 593339367 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 594646308 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 596040395 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 597143357 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 598274189 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 599577810 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 600672017 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 601793399 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 602914049 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 604210367 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 605417539 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 606486224 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 607604414 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 608743185 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 609841588 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 610957936 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 612076534 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 613195440 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 614316606 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 615432475 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 616551064 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 617672575 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 618788254 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 619914165 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 621025430 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 622144330 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 623262669 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 624383975 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 625499894 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 626620585 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 627737146 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 628860079 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 629975052 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 631093249 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 632211506 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 633330162 |
Thread delayed | Time: 0 TID: 3908 | success or wait | 634456904 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 697685299 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | pipe not available | 697750855 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 697931822 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 698471994 |
Memory allocated | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: B70000 Length: DDFF08 Allocation Type: unknown Protection: page execute and read and write | success or wait | 698733036 |
Memory allocated | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: D60000 Length: DDFE54 Allocation Type: unknown Protection: page read and write | success or wait | 698738596 |
Memory allocated | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: D60000 Length: DDFE58 Allocation Type: unknown Protection: page read and write | success or wait | 698739654 |
Memory allocated | PID: 912 Path: C:\WINDOWS\system32\svchost.exe Base: D61000 Length: DDFB34 Allocation Type: unknown Protection: page read and write | success or wait | 698740462 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698741926 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698743039 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698743298 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698743510 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698743720 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698743930 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698744141 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698744367 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698744624 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698745259 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698745471 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698745744 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698745986 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698746206 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698746461 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698746735 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698746993 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698747267 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698747525 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698747794 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698748076 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698748301 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698748525 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698748751 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698749004 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698749233 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698749506 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698749779 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698750054 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698750322 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698750591 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698750862 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698751133 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698751402 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698751670 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698751941 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698752212 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698752480 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698752748 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698753019 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698753290 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698753559 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698753827 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698754098 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698754369 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698754637 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698754905 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698755175 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698755446 |
Process information queried | PID: 912 Info Class: Cookie | success or wait | 698755715 |
Thread created | PID: 912 TID: 2860 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 698845158 |
Thread resumed | TID: 2860 PID: 912 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 698846375 |
Thread created | PID: 912 TID: 2868 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 698847028 |
Thread resumed | TID: 2868 PID: 912 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 698847584 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 817792361 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | pipe not available | 817792842 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 817806589 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 819621223 |
Sections
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 548304345 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 548746716 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@109506a | success or wait | 548748283 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 548756896 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7e9505 | success or wait | 548758261 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 548760169 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 548769665 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69adc7 | success or wait | 549296374 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 549298192 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@101751 | success or wait | 549306126 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 549314564 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550471821 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550495924 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 550518001 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 550531687 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@109506a | success or wait | 550557757 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 550562103 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7e9505 | success or wait | 550565726 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 550568920 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 550582987 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69adc7 | success or wait | 550586397 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 550589919 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@101751 | success or wait | 550595697 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 550600765 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 551738960 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 551747933 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 551785603 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 551806548 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@109506a | success or wait | 551812632 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 551836649 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7e9505 | success or wait | 551842045 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 553158952 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 553162478 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69adc7 | success or wait | 553164410 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 553166208 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@101751 | success or wait | 553175237 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 553177553 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554156354 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554171760 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 554180119 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 554186221 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@109506a | success or wait | 554188567 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 554190419 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7e9505 | success or wait | 554192110 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 554556888 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 554562076 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69adc7 | success or wait | 554563706 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 554572868 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@101751 | success or wait | 554575683 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 554578270 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555058853 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 555069568 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 555072386 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 555091178 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@109506a | success or wait | 555093246 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 555096140 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7e9505 | success or wait | 555381461 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 555397704 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 555436759 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69adc7 | success or wait | 555439735 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 555451739 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@101751 | success or wait | 555457216 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 555461339 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556146915 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556149513 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 556160528 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 556171664 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6af2fb | success or wait | 556176328 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 556179193 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1765ab3 | success or wait | 556192532 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 556195276 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 556746420 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13cc05f | success or wait | 556749077 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 556752019 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@179a4c9 | success or wait | 556762350 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: F70000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 556765277 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556813791 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556817005 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 556819774 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 556823278 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 556876500 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 556893201 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 556905864 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 556916930 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 556922171 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 556927081 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 556934301 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 556937346 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 556951307 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 556954145 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558053533 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558136203 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558139028 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 558152896 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 558165477 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 558171957 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 558187183 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 558193498 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 558196874 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 558211340 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 558214475 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 558224477 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 558227456 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558238845 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558258702 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559406404 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 559434461 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 559576508 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 559601137 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 559635925 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 559646084 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 559652737 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 559658931 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 559670878 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 559677747 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 559686158 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559699083 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559793577 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559840994 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 559858530 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 559906821 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 559916355 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 559922174 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 559929667 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 563792875 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 563800976 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 563804811 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 563835661 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 563847174 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 563850558 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563959031 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563976504 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 563982862 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 563985695 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564057662 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564075134 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 564106534 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564110106 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 564161483 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 564164826 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 564168090 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 564182028 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 564186259 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 564202823 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564207235 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564293306 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564296794 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564302045 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564324573 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 564349336 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564354749 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 564411621 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 564473663 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 564537772 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 564552057 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 564572225 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 564591818 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564675394 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564768581 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564778495 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564788980 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564816614 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 564844720 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564877195 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 564886244 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 565728726 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 565751447 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 565762689 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 565770556 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 565783702 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 565792327 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566006618 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566016822 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 566045302 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 566213821 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 566273260 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 566534888 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 566652711 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 566668812 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 566712283 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 566741918 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 566750546 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 566759995 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566767241 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567866632 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567882223 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 567926545 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 568067575 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 568086149 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568099434 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 568118821 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568139865 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568156224 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 568172096 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568180562 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 568213669 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568222858 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568648737 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568658492 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568671529 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 568708003 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 568717249 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568761438 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 568771669 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568779978 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568791335 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 568801483 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568853023 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 568863733 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568874679 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569169599 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569178712 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569188727 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 569219278 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@131b810 | success or wait | 569227499 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 569264074 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b523c | success or wait | 569271795 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569280447 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569291728 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@124181b | success or wait | 569301752 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 569312686 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaca8a | success or wait | 569321012 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569334343 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570233419 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570246674 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 570258495 |
File opened | Path: c:\windows\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 570288137 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d74b31 | success or wait | 570306322 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 570320451 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@89848d | success or wait | 570335778 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 570345964 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 570410165 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d4a62 | success or wait | 570418311 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 570522324 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@be8e12 | success or wait | 570660893 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: F70000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 570673254 |
Memory attributes changed | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571044220 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6159c4 | success or wait | 571088950 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 571102779 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14c92a7 | success or wait | 571107049 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571109689 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 571114163 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3040c5 | success or wait | 571117226 |
Process information queried | PID: 1052 Info Class: ImageFileName | info length mismatch | 571118196 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 571120340 |
Process information queried | PID: 1052 Info Class: ImageFileName | success or wait | 571120823 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ec459b | success or wait | 571123435 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: F70000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 571126817 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cdf450 | success or wait | 571273534 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 571284660 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@162b8ce | success or wait | 571881397 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571890682 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 571895910 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@52fdeb | success or wait | 571901516 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 571906792 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9c6c30 | success or wait | 571910887 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: F70000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 571915121 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 571994583 |
Thread created | PID: 996 TID: 3552 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 572059514 |
Thread resumed | TID: 3552 PID: 996 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 572076635 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | object name not found | 572078067 |
Thread created | PID: 996 TID: 3572 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 572092476 |
Thread resumed | TID: 3572 PID: 996 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 572096867 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 572103250 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 573205965 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 574481837 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 575658516 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 576732605 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 578412075 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 580085388 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 582419404 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 583831038 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 585037517 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 586636255 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 587747066 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 588867609 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 589986242 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 591104979 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 592223425 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 593341902 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 594647630 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 596041719 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 597143836 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 598274651 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 599578289 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 600672631 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 601794043 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 602914690 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 604210847 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 605418002 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 606487551 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 607605599 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 608744394 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 609842460 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 610958781 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 612078724 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 613198007 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 614318992 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 615434954 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 616553445 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 617675053 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 618790693 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 619917265 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 621027820 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 622147042 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 623265059 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 624386362 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 625502312 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 626623774 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 627739621 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 628862462 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 629977482 |
Thread delayed | Time: 0 TID: 3572 | success or wait | 631095684 |
Process information queried | PID: 1052 Info Class: ImageFileName | info length mismatch | 644660542 |
Process information queried | PID: 1052 Info Class: ImageFileName | success or wait | 644660658 |
Thread resumed | TID: 2700 PID: 996 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 645351021 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 650835490 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 655938904 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 664354358 |
Process information queried | PID: 1052 Info Class: ImageFileName | info length mismatch | 665726401 |
Process information queried | PID: 1052 Info Class: ImageFileName | success or wait | 665726519 |
Process information queried | PID: 1052 Info Class: ImageFileName | info length mismatch | 667981213 |
Process information queried | PID: 1052 Info Class: ImageFileName | success or wait | 667981333 |
Section loaded | Path: C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf Access: query and read Type: commit Baseaddress: 2110000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 684853612 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 694116377 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | success or wait | 694281873 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 694289065 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 694497200 |
Memory allocated | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 2110000 Length: 1ABFF08 Allocation Type: unknown Protection: page execute and read and write | success or wait | 695423127 |
Memory allocated | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 16A0000 Length: 1ABFE54 Allocation Type: unknown Protection: page read and write | success or wait | 695437906 |
Memory allocated | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 16A0000 Length: 1ABFE58 Allocation Type: unknown Protection: page read and write | success or wait | 695440422 |
Memory allocated | PID: 996 Path: C:\WINDOWS\system32\svchost.exe Base: 16A1000 Length: 1ABFB34 Allocation Type: unknown Protection: page read and write | success or wait | 695441876 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695444750 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695446217 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695448797 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695451295 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695452089 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695452262 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695452513 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695452805 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695453111 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695454265 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695454510 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695454751 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695454992 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695455232 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695455550 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695455794 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695456035 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695456276 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695456517 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695456768 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695457085 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695457343 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695457603 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695457862 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695458189 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695458461 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695458743 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695459015 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695459296 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695459569 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695459840 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695460111 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695460386 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695460658 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695460929 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695461199 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695461474 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695461745 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695462015 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695462286 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695462561 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695462831 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695463102 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695463372 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695463647 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695463917 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695464188 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695464458 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695464732 |
Process information queried | PID: 996 Info Class: Cookie | success or wait | 695465003 |
Thread created | PID: 996 TID: 2496 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 695556527 |
Thread resumed | TID: 2496 PID: 996 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 695557243 |
Thread created | PID: 996 TID: 2500 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 695558836 |
Thread resumed | TID: 2500 PID: 996 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 695559388 |
Process information queried | PID: 1052 Info Class: ImageFileName | info length mismatch | 705449994 |
Process information queried | PID: 1052 Info Class: ImageFileName | success or wait | 705450327 |
Process information queried | PID: 1052 Info Class: ImageFileName | info length mismatch | 713543015 |
Process information queried | PID: 1052 Info Class: ImageFileName | success or wait | 713543131 |
Process information queried | PID: 1052 Info Class: ImageFileName | info length mismatch | 736880218 |
Process information queried | PID: 1052 Info Class: ImageFileName | success or wait | 736891628 |
Thread resumed | TID: 2972 PID: 996 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 790767031 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 814712871 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | success or wait | 814713568 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 814714076 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 814721450 |
Sections |
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 548763673 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 548767240 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 549321914 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 550476661 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 550608326 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 890000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 553158366 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 554188665 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 555092688 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 558078053 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 558134593 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7f3159 | success or wait | 558137389 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 558151220 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@80f252 | success or wait | 558154102 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 558157847 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 558161621 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a4e5c0 | success or wait | 558166523 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 558172567 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e7a94c | success or wait | 558190065 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558193394 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558241592 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558244278 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558247822 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 558256931 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7f3159 | success or wait | 558259186 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 559408232 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@80f252 | success or wait | 559434308 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 559441315 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 559544103 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a4e5c0 | success or wait | 559575948 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 559600351 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e7a94c | success or wait | 559607674 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559645457 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559713395 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559721765 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559748848 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 559784852 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7f3159 | success or wait | 559801363 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 559846795 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@80f252 | success or wait | 559857179 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 559866872 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 559898131 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a4e5c0 | success or wait | 559905811 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 559917016 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e7a94c | success or wait | 559922952 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559930088 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563853474 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563856325 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563859432 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 563896702 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7f3159 | success or wait | 563961324 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 563976960 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@80f252 | success or wait | 563983185 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 563986347 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564030317 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a4e5c0 | success or wait | 564044091 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564058789 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e7a94c | success or wait | 564069429 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564073075 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564184082 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564200635 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564204795 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564265589 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7f3159 | success or wait | 564272991 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564286685 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@80f252 | success or wait | 564289963 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564293634 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564297398 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a4e5c0 | success or wait | 564302442 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564306278 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e7a94c | success or wait | 564319624 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564325540 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564571998 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564591426 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564674893 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564715678 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11bee48 | success or wait | 564744365 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 564753637 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b8bda4 | success or wait | 564764583 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564775438 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 564786686 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aa5e75 | success or wait | 564795707 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 564803766 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11f5ff9 | success or wait | 564812096 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 564840781 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565770746 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565779453 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 565786802 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 565808953 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 565973273 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 566050963 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 566059638 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 566207254 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 566238790 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 566521490 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 566644037 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 566662808 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 566673324 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566714597 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567779773 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567789658 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 567837542 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 567920426 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 567931233 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 568049281 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568060934 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568068896 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 568090411 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568100229 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 568120088 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568141871 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568365408 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568374507 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568621367 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 568658324 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568671373 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 568688543 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568701541 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568711097 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 568755670 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568767113 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 568774901 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568784314 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568949911 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568995096 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569041073 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 569184452 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 569193141 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 569201867 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569209804 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569218145 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 569227307 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 569263732 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 569271618 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569281446 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569446609 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569608036 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: null | success or wait | 569731355 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 569796612 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 570308579 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 570404334 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 570416619 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 570524847 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 570659489 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 570672406 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 570886234 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 570897524 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 570905144 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571011916 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571070361 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571073917 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571089238 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 571115312 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571118340 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 571121058 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571124177 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571127718 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 571131284 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571135014 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 571141958 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571153896 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571209501 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571216476 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571276045 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 571896872 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571902416 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 571907470 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571912194 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571915959 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 571932500 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571935452 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 571974487 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571978713 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572000216 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572015503 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572019050 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 572082114 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572085928 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 572089989 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572092749 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572096943 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 572105246 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572107580 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 572110313 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572124732 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572189357 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572191171 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572193959 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 572206255 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572211847 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 572214332 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572216624 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572218663 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 572222107 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572225171 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 572227683 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572265421 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572622225 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572625424 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572638791 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 572691112 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572696479 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 572700166 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572713448 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572715728 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 572719156 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572721553 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 572723794 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572728576 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573104516 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573107532 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573109767 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d60225 | success or wait | 573133648 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573136200 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26d8e6 | success or wait | 573138399 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573153830 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573156170 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6a1140 | success or wait | 573159773 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573161982 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192b12d | success or wait | 573164882 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573202579 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573221592 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573259157 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573265320 |
File opened | Path: c:\windows\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 573276881 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ae0436 | success or wait | 573278928 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 573281215 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@196a753 | success or wait | 573285556 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 573301958 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 573303948 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c36f46 | success or wait | 573307913 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 573310385 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1be87a0 | success or wait | 573365050 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 573372733 |
Memory attributes changed | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573424290 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 573479369 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ba3c1f | success or wait | 573485401 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 573491151 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c12050 | success or wait | 573500240 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 573547791 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 573553186 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@309239 | success or wait | 573559563 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 573586123 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cfe790 | success or wait | 573593186 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 573601629 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 574506321 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bc75c | success or wait | 574511432 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 574517429 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ed8363 | success or wait | 574550019 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 574564510 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 574569914 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d0e66 | success or wait | 574575335 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 574580298 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ec6c08 | success or wait | 574608274 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: 8B0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 574616083 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 574773835 |
Thread created | PID: 1052 TID: 3856 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 574836902 |
Thread resumed | TID: 3856 PID: 1052 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 574844785 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: null | object name not found | 574849689 |
Thread created | PID: 1052 TID: 3904 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 574940411 |
Thread resumed | TID: 3904 PID: 1052 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 574948739 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 574951879 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 576716533 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 578410609 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 580083920 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 582417926 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 583829303 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 585036052 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 586635699 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 587746015 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 588864954 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 589983526 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 591102192 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 592220556 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 593339077 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 594646159 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 596040247 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 597143303 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 598274137 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 599577757 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 600671944 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 601793315 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 602913965 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 604210313 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 605417488 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 606486076 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 607604282 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 608743034 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 609841492 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 610957841 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 612076281 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 613195158 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 614316335 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 615432194 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 616550794 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 617672306 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 618787967 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 619913710 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 621025160 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 622144015 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 623262400 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 624383706 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 625499624 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 626620011 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 627736867 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 628859809 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 629974781 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 631092980 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 632211237 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 633329889 |
Thread delayed | Time: 0 TID: 3904 | success or wait | 634456330 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 697685195 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 697802035 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 698010832 |
Memory allocated | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 850000 Length: 97FF08 Allocation Type: unknown Protection: page execute and read and write | success or wait | 698361714 |
Memory allocated | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 8B0000 Length: 97FE54 Allocation Type: unknown Protection: page read and write | success or wait | 698367184 |
Memory allocated | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 8B0000 Length: 97FE58 Allocation Type: unknown Protection: page read and write | success or wait | 698368495 |
Memory allocated | PID: 1052 Path: C:\WINDOWS\system32\svchost.exe Base: 8B1000 Length: 97FB34 Allocation Type: unknown Protection: page read and write | success or wait | 698396129 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698471934 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698720410 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698729083 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698732714 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698734391 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698736899 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698738312 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698739584 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698740383 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698742973 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698743234 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698743446 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698743657 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698743867 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698744077 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698744303 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698744560 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698744937 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698745193 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698745406 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698745669 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698745912 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698746130 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698746385 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698746659 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698746917 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698747191 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698747449 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698747716 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698748004 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698748229 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698748453 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698748679 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698748927 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698749157 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698749418 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698749692 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698749967 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698750236 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698750505 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698750776 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698751046 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698751315 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698751584 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698751855 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698752125 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698752394 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698752662 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698752932 |
Process information queried | PID: 1052 Info Class: Cookie | success or wait | 698753204 |
Thread created | PID: 1052 TID: 2856 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 698843761 |
Thread resumed | TID: 2856 PID: 1052 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 698845449 |
Thread created | PID: 1052 TID: 2864 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 698846107 |
Thread resumed | TID: 2864 PID: 1052 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 698847283 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 817791002 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 817791957 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 817811909 |
Sections
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 549318910 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 549322361 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 550526909 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 550557473 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 551770336 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: A10000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 553183854 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 554575385 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 555460169 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 558207948 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 558225268 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1626c6d | success or wait | 558228282 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 558238606 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bc8690 | success or wait | 558240968 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 558244201 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 558246603 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1267610 | success or wait | 558249532 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 558252983 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@112c9f | success or wait | 558255610 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558258037 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559605759 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559640393 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559648698 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 559675558 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1626c6d | success or wait | 559682690 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 559694934 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bc8690 | success or wait | 559703053 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 559714331 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 559722505 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1267610 | success or wait | 559749588 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 559758625 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@112c9f | success or wait | 559777120 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559787984 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559918462 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559924538 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559932544 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 563806403 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1626c6d | success or wait | 563837041 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 563848089 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bc8690 | success or wait | 563851376 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 563853669 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 563856976 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1267610 | success or wait | 563859946 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 563878562 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@112c9f | success or wait | 563884275 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 563898905 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564059072 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564069632 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564073328 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564149809 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1626c6d | success or wait | 564164093 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564167278 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bc8690 | success or wait | 564181487 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564185773 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564201422 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1267610 | success or wait | 564205882 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564209849 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@112c9f | success or wait | 564214687 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564229345 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564308194 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564322460 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564348016 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564448603 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1626c6d | success or wait | 564495248 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564543569 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bc8690 | success or wait | 564560874 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564582528 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564594964 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1267610 | success or wait | 564680383 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564691492 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@112c9f | success or wait | 564701630 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564717202 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564802621 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564811268 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564839735 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 564889073 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1887dd5 | success or wait | 565735135 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 565752165 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1fd54c4 | success or wait | 565763678 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 565772917 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 565781075 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c83cfd | success or wait | 565788747 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 565801981 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c232a | success or wait | 565810636 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 565921678 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566054239 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566062455 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 566528109 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 566759774 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 567739059 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 567777223 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 567786294 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 567833680 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 567844960 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 567862057 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 567871486 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 567882604 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 567926796 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568046826 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568146928 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568160284 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568179152 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 568351674 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 568365082 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568373674 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 568619342 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568628802 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568636772 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 568647586 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568657638 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 568670573 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568685277 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568790160 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568800179 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568841771 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 568889263 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 568943939 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568952505 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 569014538 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569043527 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569157309 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 569167873 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 569177428 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 569187797 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569195614 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569288097 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569298525 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569307276 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 569343917 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 569446832 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 569609304 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 569734432 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569787335 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569798232 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 570236591 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 570248975 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 570260141 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570269712 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570411109 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570419965 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 570674467 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571062509 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 571074619 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 571089030 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571102902 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 571107129 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571110367 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571114514 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 571117674 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571120709 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 571123716 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571127174 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571178095 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571185663 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571193782 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 571216735 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 571274869 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571286925 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 571882891 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571891400 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571896805 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 571902772 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571907338 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 571911928 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571916215 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571988053 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571990649 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571994275 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 572015598 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 572018845 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572059327 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 572076524 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572079251 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572081883 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 572085774 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572088467 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 572091700 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572096439 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572131875 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572144652 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572147939 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 572191648 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 572193814 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572196485 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 572199607 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572202065 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572206032 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 572211695 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572213985 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 572216142 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572219676 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572296856 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572334223 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572617923 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 572626372 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 572638069 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572676256 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 572679733 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572683755 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572690541 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 572696091 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572698860 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 572701669 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572714479 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573054902 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573058668 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573096602 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 573104698 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 573107664 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573110093 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 573112632 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573128513 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573130975 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 573133715 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573136259 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 573138466 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573153922 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573209209 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573213584 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573216172 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: null | success or wait | 573260197 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@148ccb8 | success or wait | 573268800 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573272085 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@785727 | success or wait | 573275188 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573278852 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573281133 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1e9b0 | success or wait | 573285321 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573302032 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f541ef | success or wait | 573304011 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B80000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573305862 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573399829 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573406012 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573413383 |
File opened | Path: c:\windows\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573432943 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bbef70 | success or wait | 573442817 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 573469960 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@64a584 | success or wait | 573476565 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 573482916 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 573489018 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ae8bac | success or wait | 573495222 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 573541885 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@53d34c | success or wait | 573550173 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: B80000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 573557323 |
Memory attributes changed | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573624649 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574478776 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1553743 | success or wait | 574488164 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 574493904 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19f1bac | success or wait | 574502619 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 574509057 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 574515129 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d1e832 | success or wait | 574520774 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 574551491 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e34094 | success or wait | 574565313 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: B80000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 574571198 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a4d2c0 | success or wait | 574806205 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 574813235 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@84a74 | success or wait | 574832354 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 574838063 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 574843551 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@501e4e | success or wait | 574850732 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 574897159 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f5cc7d | success or wait | 574906146 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: B80000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 574912513 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 574988887 |
Thread created | PID: 1092 TID: 3912 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 575009557 |
Thread resumed | TID: 3912 PID: 1092 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 575015535 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | object name not found | 575024251 |
Thread created | PID: 1092 TID: 3932 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 575065064 |
Thread resumed | TID: 3932 PID: 1092 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 575074353 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 575077607 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 576717032 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 578410909 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 580084214 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 582418222 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 583829598 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 585036347 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 586635828 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 587746237 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 588865498 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 589984082 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 591102768 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 592221127 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 593339660 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 594646456 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 596040543 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 597143411 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 598274241 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 599577864 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 600672089 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 601793481 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 602914130 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 604210420 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 605417591 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 606486372 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 607604546 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 608743333 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 609841687 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 610958033 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 612076788 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 613195722 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 614316876 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 615432757 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 616551334 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 617672931 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 618788531 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 619914591 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 621025699 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 622144613 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 623262939 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 624384244 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 625500167 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 626620985 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 627737429 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 628860347 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 629975325 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 631093518 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 632211774 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 633330435 |
Thread delayed | Time: 0 TID: 3932 | success or wait | 634457424 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 697685581 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 697751186 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 697894210 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 698394880 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 698983065 |
Memory allocated | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: 990000 Length: BFFF08 Allocation Type: unknown Protection: page execute and read and write | success or wait | 699053865 |
Memory allocated | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: B80000 Length: BFFE54 Allocation Type: unknown Protection: page read and write | success or wait | 699061835 |
Memory allocated | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: B80000 Length: BFFE58 Allocation Type: unknown Protection: page read and write | success or wait | 699063778 |
Memory allocated | PID: 1092 Path: C:\WINDOWS\system32\svchost.exe Base: B81000 Length: BFFB34 Allocation Type: unknown Protection: page read and write | success or wait | 699064617 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699066249 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699069694 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699070612 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699071825 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699072438 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699074118 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699075803 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699076485 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699096286 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699120302 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699120397 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699120490 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699120582 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699120675 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699120767 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699120860 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699120952 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699121044 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699121137 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699121233 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699121371 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699121470 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699121570 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699121668 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699121794 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699121898 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122001 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122105 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122213 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122317 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122420 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122524 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122629 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122733 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122837 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699122940 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123045 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123148 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123251 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123354 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123459 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123563 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123667 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123770 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123874 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699123978 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699124082 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699124185 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699124289 |
Process information queried | PID: 1092 Info Class: Cookie | success or wait | 699124394 |
Thread created | PID: 1092 TID: 3064 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 699158939 |
Thread resumed | TID: 3064 PID: 1092 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 699159219 |
Thread created | PID: 1092 TID: 3068 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 699159835 |
Thread resumed | TID: 3068 PID: 1092 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 699160076 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 817794291 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 817794837 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 817807333 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 819598888 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 820768236 |
Sections |
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 550522934 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 9F0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 550631034 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 553182713 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 554584810 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 558167501 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 558194913 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5590e | success or wait | 558208729 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 558213081 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139ca7e | success or wait | 558216636 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 558226625 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 558229078 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11d5566 | success or wait | 558240113 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 558242801 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d1a34a | success or wait | 558245268 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558249427 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559535840 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559566406 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559579681 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 559647535 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5590e | success or wait | 559653870 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 559663262 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139ca7e | success or wait | 559673542 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 559680749 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 559692854 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11d5566 | success or wait | 559701642 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 559712763 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d1a34a | success or wait | 559720698 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559747719 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559867327 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559898642 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559909509 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 559932772 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5590e | success or wait | 563795946 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 563801968 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139ca7e | success or wait | 563805456 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 563835934 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 563847472 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11d5566 | success or wait | 563851911 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 563854295 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d1a34a | success or wait | 563857343 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 563860601 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563986739 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564030603 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564045189 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564073656 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5590e | success or wait | 564105651 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564109101 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139ca7e | success or wait | 564149490 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564163791 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564166977 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11d5566 | success or wait | 564180996 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564184710 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d1a34a | success or wait | 564200833 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564205431 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564291623 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564294707 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564299075 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564323694 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5590e | success or wait | 564349400 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564352879 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@139ca7e | success or wait | 564449337 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564495534 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564544877 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11d5566 | success or wait | 564566047 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564584840 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d1a34a | success or wait | 564630688 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564684509 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564777239 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564788077 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564797324 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13777b3 | success or wait | 564872722 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 564882202 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@939bdb | success or wait | 564910201 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 565739113 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 565754280 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd7658 | success or wait | 565765214 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 565772708 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@184bc10 | success or wait | 565780900 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: A20000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 565789188 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566001929 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566013222 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 566020729 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 566060630 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 566709577 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 566757101 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 566764561 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 567670485 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 567738340 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 567776292 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 567784351 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 567832424 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 567844038 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 567861040 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 567870415 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568097287 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568117989 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568139007 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568179522 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 568211842 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568221533 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 568355904 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568365839 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568374677 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 568621807 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568631047 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 568639186 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568650160 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568767585 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568775263 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568785540 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568857824 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 568868348 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568884748 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 568940501 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568948672 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568993756 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 569021258 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 569153879 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 569164575 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569174047 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569259803 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569270608 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569280641 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 569308209 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 569318686 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 569329847 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 569368960 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569550605 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569611597 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 569766037 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 569788397 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 569804898 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570236823 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570320963 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570336439 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 570347668 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 570423221 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571066285 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571089946 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 571105001 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571108201 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 571111711 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571115457 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571120087 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 571122965 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571126196 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 571130839 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571133839 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571197784 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571205626 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571212582 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571289440 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 571885997 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571893277 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 571898155 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571903519 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571907949 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 571913023 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571917174 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 571932433 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571935392 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571995116 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571997744 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572013411 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572061258 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 572077614 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572080423 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 572083272 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572087283 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572090484 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 572095165 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572100904 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 572105049 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572107520 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572149015 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572187423 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572189756 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572198392 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 572201209 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572203537 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 572207763 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572213345 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572215347 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 572217605 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572220349 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 572223983 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572226215 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572618210 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572620896 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572623440 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572677017 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 572680340 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572684563 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 572691308 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572697100 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572699412 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 572702177 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572715163 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 572718384 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572720639 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573098732 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573100928 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573103353 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573112055 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 573128448 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573130556 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 573133551 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573136387 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573138249 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 573153769 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573156370 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 573159649 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573161836 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573216988 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573220038 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573257895 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573271464 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@156cd93 | success or wait | 573275341 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573277820 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d2aa14 | success or wait | 573279931 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573284334 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573289181 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c123d | success or wait | 573302689 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573304802 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1718057 | success or wait | 573307185 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A20000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573309336 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573407392 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573414551 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573420562 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a0eb2a | success or wait | 573470889 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 573477265 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@af2a50 | success or wait | 573482793 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 573489360 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 573494678 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@30e71 | success or wait | 573540786 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 573550727 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a92801 | success or wait | 573556869 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: A20000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 573581883 |
Memory attributes changed | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573629547 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574489663 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1816b6e | success or wait | 574495670 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 574502968 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b40ab5 | success or wait | 574509701 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 574516576 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 574521727 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12b2f7f | success or wait | 574552601 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 574566955 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3b48c8 | success or wait | 574572056 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: A20000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 574577161 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574672993 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@275b35 | success or wait | 574805470 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 574811232 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d4f6b4 | success or wait | 574831250 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 574837302 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 574843004 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@90be01 | success or wait | 574848979 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 574895911 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aa6635 | success or wait | 574905476 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 574911601 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 574989866 |
Thread created | PID: 1412 TID: 3916 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\spoolsv.exe | success or wait | 575017892 |
Thread resumed | TID: 3916 PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe | success or wait | 575024731 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | object name not found | 575028706 |
Thread created | PID: 1412 TID: 3936 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\spoolsv.exe | success or wait | 575073694 |
Thread resumed | TID: 3936 PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe | success or wait | 575081202 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 575086546 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 576717183 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 578411056 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 580084362 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 582418371 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 583829746 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 585036495 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 586635883 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 587746347 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 588865768 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 589984366 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 591103054 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 592221493 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 593339950 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 594646604 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 596040692 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 597143464 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 598274293 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 599577918 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 600672160 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 601793559 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 602914209 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 604210474 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 605417643 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 606486522 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 607604679 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 608743469 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 609841788 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 610958129 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 612077036 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 613196085 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 614317147 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 615433045 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 616551605 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 617673204 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 618788806 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 619914992 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 621025971 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 622144895 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 623263210 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 624384514 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 625500449 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 626621373 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 627737713 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 628860620 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 629975604 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 631093828 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 632212046 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 633330709 |
Thread delayed | Time: 0 TID: 3936 | success or wait | 634457937 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 697685668 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 697806292 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 697894488 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 698367920 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 698867767 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 699106905 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 699870977 |
Memory allocated | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: 930000 Length: 131FF08 Allocation Type: unknown Protection: page execute and read and write | success or wait | 700933125 |
Memory allocated | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: A20000 Length: 131FE54 Allocation Type: unknown Protection: page read and write | success or wait | 701061861 |
Memory allocated | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: A20000 Length: 131FE58 Allocation Type: unknown Protection: page read and write | success or wait | 701066840 |
Memory allocated | PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe Base: A21000 Length: 131FB34 Allocation Type: unknown Protection: page read and write | success or wait | 701070596 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701074577 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701078655 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701083182 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701085097 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701086348 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701086889 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701088466 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701089332 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701093149 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701098796 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701327662 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701359808 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701360629 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701361419 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701361879 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701362471 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701362566 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701362659 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701362752 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701362854 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701362995 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701363094 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701363195 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701363293 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701363415 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701363519 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701363622 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701363726 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701363835 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701363939 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364042 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364145 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364251 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364354 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364458 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364561 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364665 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364768 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364871 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701364975 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701365079 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701365182 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701365285 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701365388 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701365492 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701365596 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701365699 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701365802 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701365906 |
Process information queried | PID: 1412 Info Class: Cookie | success or wait | 701366009 |
Thread created | PID: 1412 TID: 3284 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\spoolsv.exe | success or wait | 701401146 |
Thread resumed | TID: 3284 PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe | success or wait | 701401454 |
Thread created | PID: 1412 TID: 3288 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\spoolsv.exe | success or wait | 701402092 |
Thread resumed | TID: 3288 PID: 1412 Path: C:\WINDOWS\system32\spoolsv.exe | success or wait | 701402339 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 819556527 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 819599548 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 820565390 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 821149343 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 822235238 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 823115312 |
Sections |
File Activities:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section Activities:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Mutant Activities:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Process Activities:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Thread Activities:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Memory Activities:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
User Activities:
|
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 551796214 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 551813935 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 553176369 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 553183040 |
Section loaded | Path: \KnownDlls\WS2_32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 554561034 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute Type: image Baseaddress: 71AB0000 Size: 94208 Protection: read write Mapped to pid: own pid | success or wait | 554571985 |
Section loaded | Path: \KnownDlls\WS2HELP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 555075205 |
Section loaded | Path: C:\WINDOWS\system32\ws2help.dll Access: query and write and read and execute Type: image Baseaddress: 71AA0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 555091346 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 555473120 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: A30000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 556751063 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 556893460 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 558163057 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 563900036 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 563985208 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91384d | success or wait | 564023587 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564042370 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7612a | success or wait | 564051305 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564059191 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564069781 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7c3b99 | success or wait | 564073560 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564105186 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cef66 | success or wait | 564108066 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564112308 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564210208 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564224677 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564265882 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564289330 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91384d | success or wait | 564291978 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564295091 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7612a | success or wait | 564300464 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564305243 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564308895 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7c3b99 | success or wait | 564323401 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564348905 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cef66 | success or wait | 564352386 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564360962 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564685260 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564695614 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564716224 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564762334 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91384d | success or wait | 564770590 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564779231 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7612a | success or wait | 564797147 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564806244 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564813705 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7c3b99 | success or wait | 564842964 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564872099 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cef66 | success or wait | 564881674 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564909347 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565803877 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565812840 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565924974 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 565975565 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91384d | success or wait | 566008272 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 566015807 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7612a | success or wait | 566046028 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 566055780 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 566098513 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7c3b99 | success or wait | 566213205 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 566270968 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cef66 | success or wait | 566527620 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566652954 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567730528 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567771177 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 567780288 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 567856689 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91384d | success or wait | 567866467 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 567874709 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7612a | success or wait | 567921238 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 567932930 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 568051192 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7c3b99 | success or wait | 568062034 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568071473 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cef66 | success or wait | 568090595 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568100471 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568224182 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568356236 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568366160 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568632874 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@192c4c | success or wait | 568641258 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 568651750 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ab6c19 | success or wait | 568660683 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568675414 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 568689719 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4607b5 | success or wait | 568702471 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 568715177 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a437b6 | success or wait | 568757870 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: A70000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 568768489 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568886456 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568941568 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 569042614 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569203386 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 569228663 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 569264937 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 569272746 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 569282379 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569292778 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569302252 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 569313581 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 569320798 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 569334123 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569367124 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570250980 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570261990 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 570270728 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 570312961 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 570321756 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 570337068 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 570391051 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 570412248 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 570422179 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 570528966 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 570663496 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 570674812 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570887768 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571051984 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571063011 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571067672 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571089589 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 571104902 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571108079 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 571111792 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571115527 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571118578 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 571121138 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571124265 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 571127807 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571131959 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571186501 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571194583 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571205272 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571276770 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 571288614 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571883582 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 571892870 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571897561 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571903144 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 571908143 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571913570 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 571917309 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571933219 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571991838 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571995277 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 572017854 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572105566 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572125764 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 572128569 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572130705 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 572133038 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572147297 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572149695 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 572188197 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572190773 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 572193306 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572195500 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572218581 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572221490 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572224794 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572268260 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 572293617 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572296197 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 572333317 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572616540 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572619284 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 572621980 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572624570 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 572636949 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572674208 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572713693 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572716092 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572719217 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572728272 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 573049156 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573054101 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 573056914 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573096478 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573099099 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 573101267 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573104843 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 573107732 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573109898 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573154958 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573157262 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573160529 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573203904 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 573206676 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573208715 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 573211705 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573215396 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573218109 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 573220917 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573258794 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 573264831 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573269624 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573303654 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573305509 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573308118 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573373517 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 573382573 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573387944 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 573397090 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573403253 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573409992 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 573416825 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573423028 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 573431182 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573437451 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573544227 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573550928 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573557709 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573599463 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 573606131 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573612361 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 573617745 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573624874 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573630070 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 573635855 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573684889 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 573699937 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574480497 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574552804 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574566759 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574574987 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574613667 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@459efb | success or wait | 574619390 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574624682 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c88357 | success or wait | 574632171 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574638731 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574644615 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26f144 | success or wait | 574653375 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574658884 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9aa83 | success or wait | 574665256 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A70000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574672482 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574892582 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574904365 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574911197 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574952339 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f9b31d | success or wait | 574957766 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 574964157 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15e3b92 | success or wait | 574970651 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 574975475 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 574980381 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1991e21 | success or wait | 574986865 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 574990931 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@189346e | success or wait | 574996546 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: A70000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 575002347 |
Memory attributes changed | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575039602 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575089780 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d13e3e | success or wait | 575095109 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575099950 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d6112 | success or wait | 575103538 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575111326 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 575116270 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11ff1b8 | success or wait | 575119759 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 575124013 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@367b19 | success or wait | 575129085 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: A70000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 575133226 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575235045 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cbb7db | success or wait | 575245492 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575257904 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@939ec3 | success or wait | 575262098 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575266900 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 575271305 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19c189b | success or wait | 575277044 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 575283436 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113722b | success or wait | 575293026 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: CB0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 575303181 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 575349830 |
Thread created | PID: 1728 TID: 3988 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\ctfmon.exe | success or wait | 575392115 |
Thread resumed | TID: 3988 PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe | success or wait | 575396460 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 575399846 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 575407092 |
Thread created | PID: 1728 TID: 3996 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\ctfmon.exe | success or wait | 575426450 |
Thread resumed | TID: 3996 PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe | success or wait | 575433230 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 575438594 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 575664763 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 576718611 |
Memory allocated | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: D60000 Length: E1FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 576720753 |
Memory allocated | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: A70000 Length: E1FE78 Allocation Type: unknown Protection: page read and write | success or wait | 576734864 |
Memory allocated | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: A70000 Length: E1FE7C Allocation Type: unknown Protection: page read and write | success or wait | 576740980 |
Memory allocated | PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe Base: A71000 Length: E1FB58 Allocation Type: unknown Protection: page read and write | success or wait | 576746745 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576751894 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576757708 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576761807 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576766020 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576770233 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576777881 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576782289 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576788531 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576800978 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 576992972 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577179648 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577185844 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577197312 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577202760 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577209199 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577213506 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577239831 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577246280 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577249792 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577279087 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577284704 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577289649 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577300847 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577305177 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577313598 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577319374 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577323883 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 577509007 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578395013 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 578411352 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578413093 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578418518 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578439831 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578448678 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578455092 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578465605 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578474578 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578478660 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578490108 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578713126 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578728500 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578920632 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578927328 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578936916 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578944756 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578948755 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578954767 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578959235 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578962799 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578966734 |
Process information queried | PID: 1728 Info Class: Cookie | success or wait | 578974917 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 580084661 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 582418673 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 583830038 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 585036792 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 586635991 |
Thread created | PID: 1728 TID: 1076 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\ctfmon.exe | success or wait | 586771597 |
Thread resumed | TID: 1076 PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe | success or wait | 586773015 |
Thread created | PID: 1728 TID: 1172 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\ctfmon.exe | success or wait | 586778899 |
Thread resumed | TID: 1172 PID: 1728 Path: C:\WINDOWS\system32\ctfmon.exe | success or wait | 586782534 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 587746555 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 588866304 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 589984911 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 591103623 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 592222069 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 593340520 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 594646902 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 596040992 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 597143573 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 598274397 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 599578026 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 600672301 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 601793710 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 602914358 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 604210583 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 605417748 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 606486822 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 607604946 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 608743738 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 609841989 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 610958320 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 612077529 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 613196653 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 614317682 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 615433605 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 616552139 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 617673741 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 618789348 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 619915733 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 621026505 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 622145592 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 623263745 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 624385050 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 625500993 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 626622111 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 627738269 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 628861156 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 629976153 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 631094370 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 632212585 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 633331257 |
Thread delayed | Time: 0 TID: 3996 | success or wait | 634458795 |
Section loaded | Path: \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 648849874 |
Section loaded | Path: \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 648869317 |
Process information queried | PID: 1728 Info Class: DefaultHardErrorMode | success or wait | 649089129 |
Process information queried | PID: 1728 Info Class: DefaultHardErrorMode | success or wait | 649098336 |
Section loaded | Path: C:\WINDOWS\ime\sptip.dll Access: write and read and execute Type: commit Baseaddress: DE0000 Size: 253952 Protection: execute Mapped to pid: own pid | success or wait | 649100526 |
Section loaded | Path: C:\WINDOWS\ime\sptip.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 253952 Protection: readonly Mapped to pid: own pid | success or wait | 649117664 |
Section loaded | Path: \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read Type: commit Baseaddress: 3A0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 649232286 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ..CLLAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 663888329 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: 9AC HWNDs: 201C6, 201C8, 201C4, 201C0, 201CA, 14014E, 1F0150, 1E010E, 1C014C, 120118, 201CC, 301D0, D0100, 1200DC, E0146 | success or wait | 664325949 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.B.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664339159 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.C.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664341459 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.D.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664341929 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.E.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664344171 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.F.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664344636 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.G.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664346328 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.H.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664348980 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.I.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664352016 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.J.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664352499 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.K.PCMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664356859 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.L.ODMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664381481 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.M.ODMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664395177 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.N.ODMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664403624 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.O.ODMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664411956 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.P.ODMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664428318 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.AB.OEMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664439792 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.BB.OEMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664450409 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.CB.OEMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664462689 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.HC.OEMAFB Access: query and write and read Type: commit Baseaddress: B10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664477413 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.IC.OEMAFB Access: query and write and read Type: commit Baseaddress: C20000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664479439 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.JC.OEMAFB Access: query and write and read Type: commit Baseaddress: CB0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664479937 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.KC.NFMAFB Access: query and write and read Type: commit Baseaddress: CC0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664482523 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.LC.NFMAFB Access: query and write and read Type: commit Baseaddress: CD0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664482910 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.MC.NFMAFB Access: query and write and read Type: commit Baseaddress: DE0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664483312 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.NC.NFMAFB Access: query and write and read Type: commit Baseaddress: DF0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664485131 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.OC.NFMAFB Access: query and write and read Type: commit Baseaddress: E00000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664485513 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.PC.NFMAFB Access: query and write and read Type: commit Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664485931 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 697685810 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 697802769 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 697894350 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 698367778 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 698867373 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 698897983 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 699171616 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM..KALFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E60000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736615497 |
Section loaded | Path: \BaseNamedObjects\MSCTF.Shared.SFM.MKJ Access: query and write and read and execute and extend size Type: unknown Baseaddress: 14F0000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 736735473 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: CA0 HWNDs: 201D8, 4018A, A017A, 4018C, 30182, A0158, 301B0, 201CE, 201D2, 201D4, 4016C, 601DC, 1, 1200DC, E0146 | success or wait | 736755532 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.B.JCLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736768903 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.C.JCLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736790106 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.D.JCLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736850802 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.E.JCLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736874067 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.F.JCLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736882907 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.G.JCLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736885924 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.H.JCLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736910745 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.I.JDLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736913066 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.J.JDLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736925707 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.K.IGLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736954529 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: CA0 HWNDs: 201D8, 4018A, A017A, 201CE, 4018C, 30182, A0158, 301B0, 201D2, 201D4, 4016C, 601DC, 1, 1200DC, E0146 | success or wait | 736990506 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.L.HJLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737090950 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.M.HJLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737132536 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.N.GKLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737157634 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.O.GKLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737190381 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.P.GLLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737214839 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.AB.GLLFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737238295 |
Windows enumerated | Desktop: 0 Parent: 0 Enum Children: false TID: CA0 HWNDs: 201D8, 4018A, A017A, 201CE, 4018C, 30182, A0158, 301B0, 201D2, 201D4, 4016C, 601DC, 1, 1200DC, E0146 | success or wait | 737638889 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.BB.DDMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737689137 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.CB.DEMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737728191 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.AD.CFMFFB Access: query and write and read Type: commit Baseaddress: E10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737768585 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.BD.CFMFFB Access: query and write and read Type: commit Baseaddress: E60000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737769004 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.CD.CFMFFB Access: query and write and read Type: commit Baseaddress: EF0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737774479 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.DD.CFMFFB Access: query and write and read Type: commit Baseaddress: F00000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737775261 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.ED.CFMFFB Access: query and write and read Type: commit Baseaddress: F10000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737775644 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.FD.CFMFFB Access: query and write and read Type: commit Baseaddress: F20000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737779484 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.GD.CFMFFB Access: query and write and read Type: commit Baseaddress: F30000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737780204 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.HD.CFMFFB Access: query and write and read Type: commit Baseaddress: F40000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737780590 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.ID.CFMFFB Access: query and write and read Type: commit Baseaddress: F50000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737780989 |
Section loaded | Path: \BaseNamedObjects\MSCTF.Shared.SFM.AKM Access: query and write and read and execute and extend size Type: unknown Baseaddress: 1570000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 760678105 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 817796257 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 817796890 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 817809090 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 819560501 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 820564589 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 820634855 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 821159165 |
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 553177204 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 553181722 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 554180477 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 554184157 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 555060623 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 555075737 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177357d | success or wait | 555089621 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 555092177 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@158c52c | success or wait | 555094015 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 555095950 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 555381752 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f8d6a6 | success or wait | 555397882 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 555436688 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d4694f | success or wait | 555439802 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 555451828 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556143980 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556147157 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556149447 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 556169977 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177357d | success or wait | 556174311 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 556177708 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@158c52c | success or wait | 556190394 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 556193283 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 556744173 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f8d6a6 | success or wait | 556747833 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 556750561 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d4694f | success or wait | 556753497 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 556763206 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556809723 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556812655 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 556814911 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 556824538 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177357d | success or wait | 556872762 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 556878732 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@158c52c | success or wait | 556881661 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 556892329 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 556914240 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f8d6a6 | success or wait | 556919487 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 556922882 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d4694f | success or wait | 556927833 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 556932340 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558075108 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558089714 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558129965 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 558138454 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177357d | success or wait | 558152185 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 558156943 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@158c52c | success or wait | 558160557 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 558165267 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 558172456 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f8d6a6 | success or wait | 558189443 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 558193093 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d4694f | success or wait | 558206357 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 558211722 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558246741 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 558250018 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 558253372 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 559403735 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177357d | success or wait | 559432668 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 559440702 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@158c52c | success or wait | 559543269 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 559573790 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 559598764 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f8d6a6 | success or wait | 559606125 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 559640869 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d4694f | success or wait | 559650031 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 559656953 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559744800 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 559752506 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 559759985 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 559817364 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14de7ea | success or wait | 559853018 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 559863065 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b4d41e | success or wait | 559894179 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 559901326 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 559911379 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d207ad | success or wait | 559918670 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 559924737 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f61227 | success or wait | 559933142 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: B60000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 563796129 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563857603 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 563860827 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 563877029 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 563898964 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564041397 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564069956 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 564074471 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564106060 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 564109690 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 564149633 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 564163939 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 564167133 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 564181548 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 564185707 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564201323 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564291798 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564294877 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564299147 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564322880 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 564349108 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564352599 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 564360737 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 564471083 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 564534906 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 564549039 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 564567795 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 564586707 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564667750 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564767337 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564775216 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564786467 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564812524 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 564844523 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 564873315 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 564882636 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 564914008 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 565741832 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 565757588 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 565767817 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 565775353 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 565783411 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565978690 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566008505 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 566015962 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 566203507 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 566217685 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 566274240 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 566541341 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 566660174 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 566670893 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 566714364 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 566743460 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 566751964 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566761944 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567851679 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567865014 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 567873109 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 567930856 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568173563 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568223813 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 568359015 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568367293 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 568376215 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 568623240 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 568631948 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 568640203 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 568650670 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 568659175 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568672432 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568786865 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568797530 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568838851 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568885629 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 568942337 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 568950149 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 569013507 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569041735 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569155902 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 569167109 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 569174807 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 569184273 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569194145 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569280953 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569290869 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569305186 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 569339427 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 569407839 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 569556145 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 569615627 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 569779002 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 569793170 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 570229417 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 570243536 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 570254895 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570263810 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570399269 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570412604 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 570422594 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 570676576 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 570892636 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 570901442 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 570911297 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571026542 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571036580 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 571040882 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571049475 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 571059845 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571064812 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571113558 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571116985 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571119519 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571129062 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 571132829 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571138797 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 571147477 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571157248 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571164363 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 571172001 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571180063 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 571187806 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571195854 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571891744 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571896934 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571902475 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571916052 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 571932366 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571935270 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 571974361 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571979626 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571982362 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 571985712 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571988898 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 571991278 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571994848 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572081424 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572084879 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572087698 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572100327 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121dba8 | success or wait | 572104701 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572107116 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dc049d | success or wait | 572109874 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572122921 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572126601 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b2e165 | success or wait | 572129221 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572132173 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ebdfff | success or wait | 572145039 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: B60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572148166 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572201986 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572205938 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572211567 |
File opened | Path: c:\windows\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572218200 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1bef24f | success or wait | 572220823 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 572224271 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1164555 | success or wait | 572226814 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 572264397 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 572267340 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@121f4ef | success or wait | 572293772 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 572296678 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@57a293 | success or wait | 572333856 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: B60000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 572617397 |
Memory attributes changed | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572683581 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572714796 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1727596 | success or wait | 572717869 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 572720228 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@185d3cc | success or wait | 572722854 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 572726630 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 573046782 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@114304e | success or wait | 573050223 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 573054992 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6f558a | success or wait | 573058520 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: B60000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 573096702 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573155403 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@158dd66 | success or wait | 573157838 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 573160928 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12f8578 | success or wait | 573164327 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 573201848 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 573205028 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e39218 | success or wait | 573207417 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 573209501 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8c8a04 | success or wait | 573212597 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: B60000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 573215594 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 573283629 |
Thread created | PID: 340 TID: 3760 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 573306477 |
Thread resumed | TID: 3760 PID: 340 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 573309773 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | object name not found | 573311551 |
Thread created | PID: 340 TID: 3764 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 573394184 |
Thread resumed | TID: 3764 PID: 340 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 573402831 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 573407759 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 574495332 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 575660602 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 576732901 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 578412368 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 580085770 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 582419701 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 583831332 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 585037812 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 586636363 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 587747287 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 588868149 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 589986789 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 591105556 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 592223995 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 593342483 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 594647923 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 596042015 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 597143942 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 598274754 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 599578395 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 600672760 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 601794168 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 602914814 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 604210954 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 605418105 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 606487847 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 607605863 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 608744661 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 609842656 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 610958971 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 612079222 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 613198573 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 614319533 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 615435522 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 616553983 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 617675594 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 618791242 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 619917834 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 621028361 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 622147591 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 623265600 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 624386902 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 625502862 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 626624413 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 627740185 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 628863003 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 629978032 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 631096316 |
Thread delayed | Time: 0 TID: 3764 | success or wait | 632214433 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 695413070 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 695423437 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 695431420 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 696293130 |
Memory allocated | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: A60000 Length: C9FF08 Allocation Type: unknown Protection: page execute and read and write | success or wait | 696421935 |
Memory allocated | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: B60000 Length: C9FE54 Allocation Type: unknown Protection: page read and write | success or wait | 696448974 |
Memory allocated | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: B60000 Length: C9FE58 Allocation Type: unknown Protection: page read and write | success or wait | 696449280 |
Memory allocated | PID: 340 Path: C:\WINDOWS\system32\svchost.exe Base: B61000 Length: C9FB34 Allocation Type: unknown Protection: page read and write | success or wait | 696449687 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696450170 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696450512 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696450794 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696451074 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696451351 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696451628 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696451906 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696452259 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696452591 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696453890 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696454163 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696454432 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696454701 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696454969 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696455159 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696455427 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696455696 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696455965 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696456251 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696456545 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696456872 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696457235 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696457523 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696457808 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696458204 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696458575 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696458877 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696459175 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696459486 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696459784 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696460083 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696460380 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696460683 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696460980 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696461279 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696461576 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696461877 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696462174 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696462473 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696462770 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696463072 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696463369 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696463668 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696463966 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696464266 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696464564 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696464862 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696465159 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696465460 |
Process information queried | PID: 340 Info Class: Cookie | success or wait | 696465757 |
Thread created | PID: 340 TID: 2536 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 696571795 |
Thread resumed | TID: 2536 PID: 340 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 696572645 |
Thread created | PID: 340 TID: 2544 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 696574449 |
Thread resumed | TID: 2544 PID: 340 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 696575160 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 815568040 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 815738040 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 815744545 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 815765532 |
Sections |
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 554555782 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 10E0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 563835486 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 570253376 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 575068006 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587008116 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587008456 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1858aa4 | success or wait | 587008755 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 587008841 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5138a4 | success or wait | 587009049 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 587009134 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 587009237 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5db8ff | success or wait | 587009438 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 587009522 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c9fcc | success or wait | 587009777 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587009892 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587010819 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587010919 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587011022 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587011351 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1858aa4 | success or wait | 587011640 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 587011726 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5138a4 | success or wait | 587011854 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 587011938 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 587012039 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5db8ff | success or wait | 587012239 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 587012323 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c9fcc | success or wait | 587012497 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587012609 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587014355 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587014454 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587014556 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587014885 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1858aa4 | success or wait | 587015174 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 587015260 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5138a4 | success or wait | 587015388 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 587015472 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 587015574 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5db8ff | success or wait | 587015774 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 587015858 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c9fcc | success or wait | 587016033 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587016144 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587017069 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587017168 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587017269 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587017597 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1858aa4 | success or wait | 587017883 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 587017968 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5138a4 | success or wait | 587018070 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 587018490 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 587018593 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5db8ff | success or wait | 587018795 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 587018879 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c9fcc | success or wait | 587019053 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587019166 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587020093 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587020192 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587020713 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587021069 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1858aa4 | success or wait | 587021356 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 587021442 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5138a4 | success or wait | 587021570 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 587021654 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 587021756 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5db8ff | success or wait | 587021956 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 587022040 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c9fcc | success or wait | 587022214 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587022325 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587023265 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587023364 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587023625 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587023973 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3f472b | success or wait | 587024271 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 587024362 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5995ba | success or wait | 587024576 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 587024666 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 587024774 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@174e78a | success or wait | 587024981 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 587025071 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d39ac | success or wait | 587025251 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 587025369 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587026338 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587026443 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 587026637 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 587027617 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587064255 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587064608 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587064926 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587065016 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587065228 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587065316 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587065422 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587065628 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587065717 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587065896 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587066012 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587067142 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587067241 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587067366 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587067705 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587068000 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587068090 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587068222 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587068310 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587068415 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587068619 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587068707 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587068886 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587069002 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587070109 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587070208 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587070333 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587070671 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587070965 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587071054 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587071186 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587071274 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587071379 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587071584 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587071671 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587071851 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587071966 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587073072 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587073172 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587073709 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587074001 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587074419 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587074509 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587074641 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587074729 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587074834 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587075039 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587075127 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587075307 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587075423 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587076523 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587076622 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 587076867 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 587077492 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587120029 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587120379 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587120680 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587120770 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587120903 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587120990 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587121095 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587121300 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587121388 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587121567 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587121682 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587122794 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587122893 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587123016 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587123358 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587123651 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587123740 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587123873 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587123961 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587124066 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587124270 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587124358 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587124537 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587124652 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587125758 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587125860 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587125983 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587126325 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587126618 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587126707 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587126839 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587126927 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587127032 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587127236 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587127324 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587127503 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587127619 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587128725 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587128827 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587128950 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587129287 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587129580 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587129669 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587129801 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587129888 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587130785 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587131487 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587131581 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587132235 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587132809 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587136053 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587136620 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587136751 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587138510 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587139795 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587140328 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587140708 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587140798 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587140904 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587141109 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587141196 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587141376 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587141491 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587142602 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587142704 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587142827 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587143166 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587143463 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587143552 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587143684 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587143772 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587143878 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587144082 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587144169 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587144348 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587144464 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587145570 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587145669 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587145791 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587146542 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@457235 | success or wait | 587146835 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 587146925 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14d3343 | success or wait | 587147056 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 587147144 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 587147249 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1607fa8 | success or wait | 587147452 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 587147540 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5d1647 | success or wait | 587147719 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 587147833 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587149312 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587149431 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 587149568 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587149937 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@161ce13 | success or wait | 587150242 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 587150340 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@207d99 | success or wait | 587150562 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 587150659 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 587150774 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@115fd37 | success or wait | 587150988 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 587151085 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a33d00 | success or wait | 587151272 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 587151396 |
Memory attributes changed | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 587152315 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587152929 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@fa0bf4 | success or wait | 587153234 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 587153333 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@26c7da | success or wait | 587153553 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 587153650 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 587153764 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@adb24 | success or wait | 587153977 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 587154074 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b91881 | success or wait | 587154262 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 587154386 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 587156092 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f7e273 | success or wait | 587156390 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 587156480 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1342572 | success or wait | 587156691 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 587156779 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 587156884 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@869e8f | success or wait | 587157089 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 587157177 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13ccea | success or wait | 587157355 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: 1210000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 587157471 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 587158726 |
Thread created | PID: 400 TID: 868 EIP: 7C8106F9 Imagepath: C:\Program Files\Java\jre6\bin\jqs.exe | success or wait | 587159326 |
Thread resumed | TID: 868 PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe | success or wait | 587159572 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 587159963 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 587452591 |
Thread created | PID: 400 TID: 1700 EIP: 7C8106F9 Imagepath: C:\Program Files\Java\jre6\bin\jqs.exe | success or wait | 587453606 |
Thread resumed | TID: 1700 PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe | success or wait | 587453868 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 587454361 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 587454768 |
Memory allocated | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 10A0000 Length: 130FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 587521444 |
Memory allocated | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 1410000 Length: 130FE78 Allocation Type: unknown Protection: page read and write | success or wait | 587524813 |
Memory allocated | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 1410000 Length: 130FE7C Allocation Type: unknown Protection: page read and write | success or wait | 587525004 |
Memory allocated | PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe Base: 1411000 Length: 130FB58 Allocation Type: unknown Protection: page read and write | success or wait | 587525201 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587525401 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587525561 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587525694 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587525819 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587525938 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587526053 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587526164 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587526284 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587526397 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587526755 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587526849 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587526942 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527036 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527129 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527222 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527315 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527408 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527502 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527595 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527691 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527807 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587527907 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528007 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528108 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528226 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528331 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528436 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528541 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528649 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528755 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528860 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587528965 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587529070 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587529176 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587529589 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587529695 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587529802 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587529908 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530013 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530118 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530224 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530329 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530434 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530539 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530657 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530766 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530872 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587530977 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587531084 |
Process information queried | PID: 400 Info Class: Cookie | success or wait | 587531190 |
Thread created | PID: 400 TID: 2032 EIP: 7C8106F9 Imagepath: C:\Program Files\Java\jre6\bin\jqs.exe | success or wait | 587566323 |
Thread resumed | TID: 2032 PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe | success or wait | 587566596 |
Thread created | PID: 400 TID: 1540 EIP: 7C8106F9 Imagepath: C:\Program Files\Java\jre6\bin\jqs.exe | success or wait | 587568020 |
Thread resumed | TID: 1540 PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe | success or wait | 587570456 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 588532517 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 589647699 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 590769200 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 591884920 |
File opened | Path: C:\Program Files\Java\jre6\bin\client\classes.jsa Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 591956688 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\client\classes.jsa Access: query and read Type: commit Baseaddress: 1620000 Size: 13369344 Protection: readonly Mapped to pid: own pid | success or wait | 591959264 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 591960789 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 591962496 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 591973734 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 593019840 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 593452727 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 593454680 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 593467333 |
File opened | Path: C:\Program Files\Java\jre6\lib\content-types.properties Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 593552706 |
File other op | Path: C:\Program Files\Java\jre6\lib\content-types.properties New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f23ca4 | success or wait | 593554615 |
File read | Path: C:\Program Files\Java\jre6\lib\content-types.properties Offset: unknown Length: 5501 Value: 23 73 75 6E 2E 6E 65 74 2E 77 77 77 20 4D 49 4D 45 20 63 6F 6E 74 65 6E 74 2D 74 79 70 65 73 20 74 61 62 6C 65 3B 20 76 65 72 73 69 6F 6E 20 25 49 25 2C 20 25 47 25 0A 23 0A 23 20 50 72 6F 70 65 72 74 79 20 66 69 65 6C 64 73 3A 0A 23 0A 23 20 20 20 3C 64 65 73 63 72 69 70 74 69 6F 6E 3E 20 3A 3A 3D | success or wait | 593554883 |
File opened | Path: C:\Program Files\Java\jre6\lib\deploy.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 593569847 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6b611e | success or wait | 593571279 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 4096 Value: 50 4B 03 04 0A 00 00 00 00 00 2A 99 42 3E 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 4D 45 54 41 2D 49 4E 46 2F 50 4B 03 04 0A 00 00 00 00 00 2A 99 42 3E 6F 39 92 05 47 00 00 00 47 00 00 00 14 00 00 00 4D 45 54 41 2D 49 4E 46 2F 4D 41 4E 49 46 45 53 54 2E 4D 46 4D 61 6E 69 66 65 73 74 2D 56 65 | success or wait | 593571546 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jarNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b51061 | success or wait | 593582887 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 Value: 00 10 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 01 00 16 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 42 75 66 66 65 72 01 00 10 6A 61 76 61 2F 6C 61 6E 67 2F 53 79 73 74 65 6D 01 00 0C 6A 61 76 61 2F 6E 65 74 2F 55 52 4C 01 00 06 6C 65 6E 67 74 68 01 00 0A 6F 70 65 6E 53 74 72 65 61 6D 01 | success or wait | 593583153 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 Value: 72 73 52 65 71 07 00 07 07 00 09 07 00 0A 07 00 0B 07 00 11 07 00 12 07 00 13 07 00 14 07 00 15 07 00 16 07 00 17 07 00 18 01 00 26 4C 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F 79 2F 63 61 63 68 65 2F 43 61 63 68 65 64 4A 61 72 46 69 6C 65 31 34 3B 01 00 20 4C 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F 79 | success or wait | 593671842 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 Value: BE A2 00 5E 01 3A 09 01 3A 0A 2B 15 08 32 C1 02 D7 99 00 0C 2B 15 08 32 C0 02 D7 3A 09 15 08 04 60 2B BE A2 00 1D 2B 15 08 04 60 32 C1 02 D7 99 00 11 2B 15 08 04 60 32 C0 02 D7 3A 0A A7 00 07 19 09 3A 0A 19 07 19 09 B6 05 D8 57 19 09 19 0A B8 05 2B 9A 00 06 A7 00 09 84 08 01 A7 FF A1 15 08 2B BE A2 | success or wait | 593765068 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 594645860 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 594652213 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 594748906 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 594838364 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 594928259 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 36864 | success or wait | 595016116 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@465648 | success or wait | 595075309 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 4096 | success or wait | 595076345 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ca9f78 | success or wait | 595088665 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 595089001 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 595171297 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 4096 | success or wait | 595261973 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1aba72e | success or wait | 595268502 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 4096 | success or wait | 595268872 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6cd67b | success or wait | 595279514 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 20480 | success or wait | 595279778 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 596039942 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@175650e | success or wait | 596043777 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 45056 | success or wait | 596044042 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3da1dc | success or wait | 596108908 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 12288 | success or wait | 596109281 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4d9ebf | success or wait | 596130680 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 8192 | success or wait | 596130943 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f14318 | success or wait | 596138641 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 53248 | success or wait | 596139710 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bfd73 | success or wait | 596216011 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 12288 | success or wait | 596216532 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ccc6c8 | success or wait | 596234171 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 596234436 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 596320490 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 596443122 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 596534887 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 596627041 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 596746290 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 49152 | success or wait | 597026062 |
File opened | Path: C:\Program Files\Java\jre6\lib\ext\dnsns.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597054141 |
File other op | Path: C:\Program Files\Java\jre6\lib\ext\dnsns.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10eb2f0 | success or wait | 597054722 |
File read | Path: C:\Program Files\Java\jre6\lib\ext\dnsns.jar Offset: unknown Length: 4143 | success or wait | 597054820 |
File opened | Path: C:\Program Files\Java\jre6\lib\ext\localedata.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597058607 |
File other op | Path: C:\Program Files\Java\jre6\lib\ext\localedata.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5e593 | success or wait | 597059137 |
File read | Path: C:\Program Files\Java\jre6\lib\ext\localedata.jar Offset: unknown Length: 14061 | success or wait | 597059234 |
File opened | Path: C:\Program Files\Java\jre6\lib\fontconfig.bfc Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597067564 |
File other op | Path: C:\Program Files\Java\jre6\lib\fontconfig.bfc New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1233bdc | success or wait | 597068117 |
File read | Path: C:\Program Files\Java\jre6\lib\fontconfig.bfc Offset: unknown Length: 3478 | success or wait | 597068214 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidabrightdemibold.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597072537 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiBold.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2f0e07 | success or wait | 597073078 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiBold.ttf Offset: unknown Length: 4096 | success or wait | 597073176 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiBold.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142022d | success or wait | 597077355 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiBold.ttf Offset: unknown Length: 4096 | success or wait | 597077452 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidabrightdemiitalic.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597080294 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiItalic.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9ced84 | success or wait | 597080850 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiItalic.ttf Offset: unknown Length: 4096 | success or wait | 597080947 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiItalic.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ad8bfd | success or wait | 597085130 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiItalic.ttf Offset: unknown Length: 8192 | success or wait | 597085225 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidabrightitalic.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597090148 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightItalic.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c1c9dc | success or wait | 597090747 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightItalic.ttf Offset: unknown Length: 4096 | success or wait | 597090878 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightItalic.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1abbba1 | success or wait | 597095344 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightItalic.ttf Offset: unknown Length: 4096 | success or wait | 597095440 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidabrightregular.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597098235 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightRegular.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ab5d6d | success or wait | 597098766 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightRegular.ttf Offset: unknown Length: 4096 | success or wait | 597098863 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightRegular.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@182ab3e | success or wait | 597103181 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightRegular.ttf Offset: unknown Length: 4096 | success or wait | 597103276 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidasansdemibold.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597107466 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansDemiBold.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b8aeb1 | success or wait | 597107997 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansDemiBold.ttf Offset: unknown Length: 4096 | success or wait | 597108095 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansDemiBold.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d4ea6c | success or wait | 597112386 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansDemiBold.ttf Offset: unknown Length: 8192 | success or wait | 597112482 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidasansregular.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597118022 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansRegular.ttf Offset: unknown Length: 4096 | success or wait | 597118652 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansRegular.ttf Offset: unknown Length: 4096 | success or wait | 597123358 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidatypewriterbold.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597127861 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaTypewriterBold.ttf Offset: unknown Length: 4096 | success or wait | 597128490 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaTypewriterBold.ttf Offset: unknown Length: 4096 | success or wait | 597132902 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidatypewriterregular.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597136484 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaTypewriterRegular.ttf Offset: unknown Length: 4096 | success or wait | 597137136 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 597143193 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaTypewriterRegular.ttf Offset: unknown Length: 8192 | success or wait | 597144456 |
File opened | Path: C:\Program Files\Java\jre6\lib\javaws.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597149910 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 16384 | success or wait | 597150535 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 | success or wait | 597160923 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 | success or wait | 597193329 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 | success or wait | 597226823 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 | success or wait | 597256910 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 | success or wait | 597291110 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 32768 | success or wait | 597554320 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 28672 | success or wait | 597573168 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 | success or wait | 597587453 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 | success or wait | 597617918 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 8192 | success or wait | 597651977 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 45056 | success or wait | 597656698 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 57344 | success or wait | 597678555 |
File opened | Path: C:\Program Files\Java\jre6\lib\jsse.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597705834 |
File opened | Path: C:\Program Files\Java\jre6\lib\logging.properties Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597718929 |
File opened | Path: C:\Program Files\Java\jre6\lib\meta-index Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597723981 |
File opened | Path: C:\Program Files\Java\jre6\lib\net.properties Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597728024 |
File opened | Path: C:\Program Files\Java\jre6\lib\plugin.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 597732210 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 598274033 |
File opened | Path: C:\Program Files\Java\jre6\lib\resources.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 598695159 |
File opened | Path: C:\Program Files\Java\jre6\lib\rt.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 598768764 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 599577646 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 Value: 6E 67 2F 53 74 72 69 6E 67 3B 5B 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 3B 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 3B 5A 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 3B 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 3B 5B 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 | success or wait | 600272971 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 Value: 07 69 73 43 6C 61 73 73 01 00 07 69 73 46 69 65 6C 64 01 00 0B 69 73 49 6E 74 65 72 66 61 63 65 01 00 0E 6A 61 76 61 2F 6C 61 6E 67 2F 45 6E 75 6D 01 00 24 6A 61 76 61 78 2F 6C 61 6E 67 2F 6D 6F 64 65 6C 2F 65 6C 65 6D 65 6E 74 2F 45 6C 65 6D 65 6E 74 4B 69 6E 64 01 00 07 76 61 6C 75 65 4F 66 01 00 | success or wait | 600320470 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 49152 Value: 08 18 0C 98 9D 00 07 04 A7 00 04 03 AC 2C C0 00 3A B6 00 5B 3A 05 2D C0 00 3A B6 00 5B 3A 06 19 04 C0 00 3A B6 00 5B 3A 07 19 06 19 05 B6 00 52 9D 00 11 19 05 19 07 B6 00 52 9D 00 07 04 A7 00 04 03 AC 00 00 00 00 00 12 00 00 00 0A 00 04 00 34 00 33 00 32 00 36 00 01 00 2D 00 08 00 01 00 10 00 00 00 | success or wait | 600563320 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 24576 Value: 78 2F 6D 61 6E 61 67 65 6D 65 6E 74 2F 4D 42 65 61 6E 53 65 72 76 65 72 3B 4C 6A 61 76 61 78 2F 6D 61 6E 61 67 65 6D 65 6E 74 2F 4D 42 65 61 6E 53 65 72 76 65 72 44 65 6C 65 67 61 74 65 3B 5A 29 4C 6A 61 76 61 78 2F 6D 61 6E 61 67 65 6D 65 6E 74 2F 4D 42 65 61 6E 53 65 72 76 65 72 3B 0C 00 02 00 01 | success or wait | 600594341 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 49152 Value: 72 69 62 75 74 65 4C 69 73 74 3B 01 00 3C 28 4C 6A 61 76 61 78 2F 6D 61 6E 61 67 65 6D 65 6E 74 2F 4D 42 65 61 6E 49 6E 66 6F 3B 5A 29 4C 6A 61 76 61 78 2F 6D 61 6E 61 67 65 6D 65 6E 74 2F 44 65 73 63 72 69 70 74 6F 72 3B 01 00 4E 28 4C 6A 61 76 61 78 2F 6D 61 6E 61 67 65 6D 65 6E 74 2F 49 6D 6D 75 | success or wait | 600608505 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 600671792 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 601793130 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 602913782 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 604210202 |
File opened | Path: C:\Program Files\Java\jre6\lib\security\blacklist Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 604745770 |
File read | Path: C:\Program Files\Java\jre6\lib\security\blacklist Offset: unknown Length: 92 Value: 23 20 4A 4E 4C 50 41 70 70 6C 65 74 4C 61 75 6E 63 68 65 72 20 61 70 70 6C 65 74 2D 6C 61 75 6E 63 68 65 72 2E 6A 61 72 0A 53 48 41 31 2D 44 69 67 65 73 74 2D 4D 61 6E 69 66 65 73 74 3A 20 35 42 6F 35 2F 65 67 38 39 32 68 51 39 6D 67 62 55 57 35 36 69 44 6D 73 70 31 6B 3D 0A | success or wait | 604746410 |
File opened | Path: C:\Program Files\Java\jre6\lib\security\java.policy Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 604747776 |
File read | Path: C:\Program Files\Java\jre6\lib\security\java.policy Offset: unknown Length: 2253 Value: 0A 2F 2F 20 53 74 61 6E 64 61 72 64 20 65 78 74 65 6E 73 69 6F 6E 73 20 67 65 74 20 61 6C 6C 20 70 65 72 6D 69 73 73 69 6F 6E 73 20 62 79 20 64 65 66 61 75 6C 74 0A 0A 67 72 61 6E 74 20 63 6F 64 65 42 61 73 65 20 22 66 69 6C 65 3A 24 7B 7B 6A 61 76 61 2E 65 78 74 2E 64 69 72 73 7D 7D 2F 2A 22 20 7B | success or wait | 604748627 |
File opened | Path: C:\Program Files\Java\jre6\lib\security\java.security Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 604751703 |
File read | Path: C:\Program Files\Java\jre6\lib\security\java.security Offset: unknown Length: 9979 Value: 23 0A 23 20 54 68 69 73 20 69 73 20 74 68 65 20 22 6D 61 73 74 65 72 20 73 65 63 75 72 69 74 79 20 70 72 6F 70 65 72 74 69 65 73 20 66 69 6C 65 22 2E 0A 23 0A 23 20 49 6E 20 74 68 69 73 20 66 69 6C 65 2C 20 76 61 72 69 6F 75 73 20 73 65 63 75 72 69 74 79 20 70 72 6F 70 65 72 74 69 65 73 20 61 72 65 | success or wait | 604752330 |
File opened | Path: C:\Program Files\Java\jre6\lib\security\javaws.policy Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 604758883 |
File read | Path: C:\Program Files\Java\jre6\lib\security\javaws.policy Offset: unknown Length: 109 Value: 2F 2F 20 25 57 25 20 25 45 25 0A 0A 67 72 61 6E 74 20 63 6F 64 65 42 61 73 65 20 22 66 69 6C 65 3A 24 7B 6A 6E 6C 70 78 2E 68 6F 6D 65 7D 2F 6A 61 76 61 77 73 2E 6A 61 72 22 20 7B 0A 20 20 20 20 70 65 72 6D 69 73 73 69 6F 6E 20 6A 61 76 61 2E 73 65 63 75 72 69 74 79 2E 41 6C 6C 50 65 72 6D 69 73 73 | success or wait | 604759510 |
File opened | Path: C:\Program Files\Java\jre6\lib\tzmappings Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 604761421 |
File read | Path: C:\Program Files\Java\jre6\lib\tzmappings Offset: unknown Length: 7961 Value: 23 0A 23 20 25 57 25 20 25 45 25 0A 23 20 0A 23 20 54 68 69 73 20 66 69 6C 65 20 64 65 73 63 72 69 62 65 73 20 6D 61 70 70 69 6E 67 20 69 6E 66 6F 72 6D 61 74 69 6F 6E 20 62 65 74 77 65 65 6E 20 57 69 6E 64 6F 77 73 20 61 6E 64 20 4A 61 76 61 0A 23 20 74 69 6D 65 20 7A 6F 6E 65 73 2E 0A 23 20 46 6F | success or wait | 604762043 |
File opened | Path: C:\Program Files\Java\jre6\lib\zi\gmt Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 604769085 |
File read | Path: C:\Program Files\Java\jre6\lib\zi\GMT Offset: unknown Length: 27 Value: 6A 61 76 61 7A 69 00 01 01 00 04 00 00 00 00 02 00 02 00 00 03 00 04 00 00 00 00 | success or wait | 604769713 |
File opened | Path: C:\Program Files\Java\jre6\bin\awt.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 604771585 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\awt.dll Access: write and read and execute Type: commit Baseaddress: 1620000 Size: 1208320 Protection: execute Mapped to pid: own pid | success or wait | 604773361 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\awt.dll Access: query and write and read and execute Type: image Baseaddress: 6D000000 Size: 1351680 Protection: read write Mapped to pid: own pid | success or wait | 604775215 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 604775874 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 604781396 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 604782023 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 604785143 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 604956344 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 604957003 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 604959688 |
File opened | Path: C:\Program Files\Java\jre6\bin\client\jvm.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 604988193 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\client\jvm.dll Access: write and read and execute Type: commit Baseaddress: 1620000 Size: 2695168 Protection: execute Mapped to pid: own pid | success or wait | 604989597 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\client\jvm.dll Access: query and write and read and execute Type: image Baseaddress: 6D7F0000 Size: 2777088 Protection: read write Mapped to pid: own pid | success or wait | 604991257 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 604991924 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 604997210 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 604998099 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 605000863 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 605100703 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 605101325 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 605103721 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 605417379 |
File opened | Path: C:\Program Files\Java\jre6\bin\dcpr.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 605454752 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\dcpr.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 143360 Protection: execute Mapped to pid: own pid | success or wait | 605456338 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\dcpr.dll Access: query and write and read and execute Type: image Baseaddress: 6D1A0000 Size: 143360 Protection: read write Mapped to pid: own pid | success or wait | 605457976 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 605458556 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 605464216 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 605464817 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 605467538 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 605501810 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 605502396 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 605504916 |
File opened | Path: C:\Program Files\Java\jre6\bin\deploy.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 605532096 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\deploy.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 77824 Protection: execute Mapped to pid: own pid | success or wait | 605533828 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\deploy.dll Access: query and write and read and execute Type: image Baseaddress: 6D1D0000 Size: 77824 Protection: read write Mapped to pid: own pid | success or wait | 605535542 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 605536107 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 605541411 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 605542004 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 605544612 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 605577294 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 605577881 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 605580440 |
File opened | Path: C:\Program Files\Java\jre6\bin\fontmanager.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 605608846 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\fontmanager.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 323584 Protection: execute Mapped to pid: own pid | success or wait | 605610394 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\fontmanager.dll Access: query and write and read and execute Type: image Baseaddress: 6D230000 Size: 323584 Protection: read write Mapped to pid: own pid | success or wait | 605612105 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 605612695 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 605618169 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 605618784 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 605621499 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 605667754 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 605668367 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 605670999 |
File opened | Path: C:\Program Files\Java\jre6\bin\hpi.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 606252519 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\hpi.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 16384 Protection: execute Mapped to pid: own pid | success or wait | 606256267 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\hpi.dll Access: query and write and read and execute Type: image Baseaddress: 6D280000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 606260539 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 606262132 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 606277382 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 606279042 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 606286831 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 606373908 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 606375558 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 606382766 |
File opened | Path: C:\Program Files\Java\jre6\bin\java.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 606463379 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\java.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 126976 Protection: execute Mapped to pid: own pid | success or wait | 606467534 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\java.dll Access: query and write and read and execute Type: image Baseaddress: 6D320000 Size: 126976 Protection: read write Mapped to pid: own pid | success or wait | 606471962 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 606473562 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 606485773 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 606495974 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 606497637 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 606505696 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 606600099 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 606601748 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 606609354 |
File opened | Path: C:\Program Files\Java\jre6\bin\javaw.exe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 606688963 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\javaw.exe Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 147456 Protection: execute Mapped to pid: own pid | success or wait | 606692551 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\javaw.exe Access: query and write and read and execute Type: image Baseaddress: 1210000 Size: 147456 Protection: read write Mapped to pid: own pid | conflicting addresses | 606696974 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 606700555 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 606716623 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 606718298 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 606725744 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 606821723 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 606823651 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 606830973 |
File opened | Path: C:\Program Files\Java\jre6\bin\jp2native.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 606905396 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jp2native.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 8192 Protection: execute Mapped to pid: own pid | success or wait | 606909133 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jp2native.dll Access: query and write and read and execute Type: image Baseaddress: 6D420000 Size: 24576 Protection: read write Mapped to pid: own pid | success or wait | 606913508 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 606915096 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 606931676 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 606933567 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 606940956 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 607029852 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 607031496 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 607038783 |
File opened | Path: C:\Program Files\Java\jre6\bin\jpeg.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 607118201 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jpeg.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 151552 Protection: execute Mapped to pid: own pid | success or wait | 607120414 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jpeg.dll Access: query and write and read and execute Type: image Baseaddress: 6D440000 Size: 151552 Protection: read write Mapped to pid: own pid | success or wait | 607124765 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 607126368 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 607141593 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 607143273 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 607151282 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 607246432 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 607248078 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 607255689 |
File opened | Path: C:\Program Files\Java\jre6\bin\msvcr71.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 607337509 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 607338554 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 607344426 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 607346073 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 607353460 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 607532403 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 607534144 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 607541961 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 607604009 |
File opened | Path: C:\Program Files\Java\jre6\bin\net.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 607625599 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\net.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 77824 Protection: execute Mapped to pid: own pid | success or wait | 607629199 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\net.dll Access: query and write and read and execute Type: image Baseaddress: 6D600000 Size: 77824 Protection: read write Mapped to pid: own pid | success or wait | 607633132 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 607634593 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 607648793 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 607650301 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 607656384 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 607743072 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 607744576 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 607750072 |
File opened | Path: C:\Program Files\Java\jre6\bin\nio.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 607819151 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\nio.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 20480 Protection: execute Mapped to pid: own pid | success or wait | 607821215 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\nio.dll Access: query and write and read and execute Type: image Baseaddress: 6D620000 Size: 36864 Protection: read write Mapped to pid: own pid | success or wait | 607825688 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 607827155 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 607840944 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 607842450 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 607849157 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 607929153 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 607930636 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 607956690 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 608742723 |
File opened | Path: C:\Program Files\Java\jre6\bin\regutils.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 608816113 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\regutils.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 278528 Protection: execute Mapped to pid: own pid | success or wait | 608819848 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\regutils.dll Access: query and write and read and execute Type: image Baseaddress: 6D6A0000 Size: 286720 Protection: read write Mapped to pid: own pid | success or wait | 608823329 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 608823926 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 608836253 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 608837761 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 608844498 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 608934029 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 608935798 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 608942781 |
File opened | Path: C:\Program Files\Java\jre6\bin\verify.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 609020275 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\verify.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 32768 Protection: execute Mapped to pid: own pid | success or wait | 609023879 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\verify.dll Access: query and write and read and execute Type: image Baseaddress: 6D7A0000 Size: 49152 Protection: read write Mapped to pid: own pid | success or wait | 609027898 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 609029337 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 609043337 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 609044930 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 609051705 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 609132964 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 609134515 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 609141033 |
File opened | Path: C:\Program Files\Java\jre6\bin\zip.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 609576979 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\zip.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 49152 Protection: execute Mapped to pid: own pid | success or wait | 609577813 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\zip.dll Access: query and write and read and execute Type: image Baseaddress: 6D7E0000 Size: 61440 Protection: read write Mapped to pid: own pid | success or wait | 609579849 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 609580467 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 609586003 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 609586642 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 609589391 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 609622511 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 609623121 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 609625761 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 609841283 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 610957644 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 612075701 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 613194504 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 614315777 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 615431612 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 616550238 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 617671748 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 618787394 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 619912644 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 621024603 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 622143437 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 623261838 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 624383147 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 625499066 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 626619102 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 627736285 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 628859250 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 629974219 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 631092144 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 632210679 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 633329314 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 634454623 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 635566527 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 636685138 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 637803741 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 638925012 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 640043945 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 641162322 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 642281179 |
Thread delayed | Time: 0 TID: 1700 | success or wait | 644187487 |
Thread resumed | TID: 3472 PID: 400 Path: C:\Program Files\Java\jre6\bin\jqs.exe | success or wait | 661641212 |
File opened | Path: C:\Program Files\Java\jre6\bin\client\classes.jsa Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 676574333 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\client\classes.jsa Access: query and read Type: commit Baseaddress: 1620000 Size: 13369344 Protection: readonly Mapped to pid: own pid | success or wait | 676575247 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 676576841 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 676578565 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 676586402 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 677828628 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 677830558 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 677839757 |
File opened | Path: C:\Program Files\Java\jre6\lib\content-types.properties Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 677922150 |
File other op | Path: C:\Program Files\Java\jre6\lib\content-types.properties New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f23ca4 | success or wait | 677923938 |
File read | Path: C:\Program Files\Java\jre6\lib\content-types.properties Offset: unknown Length: 5501 | success or wait | 677924212 |
File opened | Path: C:\Program Files\Java\jre6\lib\deploy.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 677934881 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6b611e | success or wait | 677936523 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 4096 | success or wait | 677936795 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b51061 | success or wait | 677948252 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 677948521 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 679005401 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 679099320 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 679269358 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 679371986 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 679461511 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 679552717 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 36864 | success or wait | 679641529 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@465648 | success or wait | 679694591 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 4096 | success or wait | 679694728 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ca9f78 | success or wait | 679702902 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 679704348 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 680576938 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 4096 | success or wait | 680659058 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1aba72e | success or wait | 680667274 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 4096 | success or wait | 680669005 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6cd67b | success or wait | 680683214 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 20480 | success or wait | 680683483 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@175650e | success or wait | 680738404 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 45056 | success or wait | 680747710 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3da1dc | success or wait | 680832377 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 12288 | success or wait | 680836983 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4d9ebf | success or wait | 680895734 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 8192 | success or wait | 680899151 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f14318 | success or wait | 680914360 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 53248 | success or wait | 680916312 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bfd73 | success or wait | 681014602 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 12288 | success or wait | 681018106 |
File other op | Path: C:\Program Files\Java\jre6\lib\deploy.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ccc6c8 | success or wait | 681059076 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 681082102 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 681204368 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 681308559 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 681445417 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 682466350 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 65536 | success or wait | 682635435 |
File read | Path: C:\Program Files\Java\jre6\lib\deploy.jar Offset: unknown Length: 49152 | success or wait | 682724197 |
File opened | Path: C:\Program Files\Java\jre6\lib\ext\dnsns.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 683000631 |
File other op | Path: C:\Program Files\Java\jre6\lib\ext\dnsns.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10eb2f0 | success or wait | 683071314 |
File read | Path: C:\Program Files\Java\jre6\lib\ext\dnsns.jar Offset: unknown Length: 4143 | success or wait | 683071564 |
File opened | Path: C:\Program Files\Java\jre6\lib\ext\localedata.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 683102396 |
File other op | Path: C:\Program Files\Java\jre6\lib\ext\localedata.jar New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5e593 | success or wait | 683104196 |
File read | Path: C:\Program Files\Java\jre6\lib\ext\localedata.jar Offset: unknown Length: 14061 | success or wait | 683104447 |
File opened | Path: C:\Program Files\Java\jre6\lib\fontconfig.bfc Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 683334446 |
File other op | Path: C:\Program Files\Java\jre6\lib\fontconfig.bfc New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1233bdc | success or wait | 683339702 |
File read | Path: C:\Program Files\Java\jre6\lib\fontconfig.bfc Offset: unknown Length: 3478 | success or wait | 683647623 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidabrightdemibold.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 683684103 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiBold.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2f0e07 | success or wait | 683687312 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiBold.ttf Offset: unknown Length: 4096 | success or wait | 683687429 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiBold.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142022d | success or wait | 683694265 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiBold.ttf Offset: unknown Length: 4096 | success or wait | 683694378 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidabrightdemiitalic.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 683705851 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiItalic.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9ced84 | success or wait | 683709234 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiItalic.ttf Offset: unknown Length: 4096 | success or wait | 683709354 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiItalic.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ad8bfd | success or wait | 683719247 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightDemiItalic.ttf Offset: unknown Length: 8192 | success or wait | 683730636 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidabrightitalic.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 683754381 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightItalic.ttfNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c1c9dc | success or wait | 683758793 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightItalic.ttf Offset: unknown Length: 4096 Value: 00 01 00 00 00 0F 00 80 00 03 00 70 4C 54 53 48 8C 91 FB 32 00 01 3A 4C 00 00 01 8C 4F 53 2F 32 70 9A 7C 79 00 00 00 FC 00 00 00 56 63 6D 61 70 12 55 EC 7A 00 00 01 54 00 00 04 6A 63 76 74 20 46 A1 3B C7 00 00 05 C0 00 00 01 C2 66 70 67 6D 07 DB 31 8A 00 00 07 84 00 00 07 BA 67 6C 79 66 D2 7D 13 B9 | success or wait | 683759340 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightItalic.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1abbba1 | success or wait | 683768341 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightItalic.ttf Offset: unknown Length: 4096 Value: 1C 03 1C A3 1D 39 1E 18 1E B7 1F 95 20 8C 21 5C 21 D4 22 26 22 4F 22 94 22 DD 22 F3 23 14 23 AF 24 63 24 D8 25 79 25 EF 26 69 27 28 27 EC 28 55 28 D8 29 82 29 CF 2A C6 2B 88 2B D7 2C 78 2D 02 2D 77 2E 25 2E BB 2F 9C 30 1F 30 D6 31 96 32 3E 32 D2 33 45 33 71 33 F6 34 4E 34 6E 34 99 34 AF 34 C7 34 DE | success or wait | 683768795 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidabrightregular.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 683800864 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightRegular.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ab5d6d | success or wait | 683862450 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightRegular.ttf Offset: unknown Length: 4096 Value: 00 01 00 00 00 0F 00 80 00 03 00 70 4C 54 53 48 4E A6 83 55 00 05 3D CC 00 00 05 7E 4F 53 2F 32 94 83 82 53 00 00 00 FC 00 00 00 56 63 6D 61 70 1E D6 74 4F 00 00 01 54 00 00 07 96 63 76 74 20 3D 7C 74 3E 00 00 08 EC 00 00 03 74 66 70 67 6D 07 DB 31 8A 00 00 0C 60 00 00 07 BA 67 6C 79 66 15 4A EB E0 | success or wait | 683862962 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightRegular.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@182ab3e | success or wait | 683876658 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaBrightRegular.ttf Offset: unknown Length: 4096 Value: 00 02 F9 28 00 02 FA 08 00 02 FA 1E 00 02 FB D8 00 02 FC AE 00 02 FD 84 00 02 FD E6 00 02 FD FC 00 02 FE 60 00 02 FE 76 00 02 FE DA 00 02 FF 42 00 03 00 46 00 03 00 5C 00 03 01 24 00 03 01 FE 00 03 03 BA 00 03 03 D0 00 03 04 22 00 03 04 74 00 03 04 8A 00 03 04 D8 00 03 04 EE 00 03 05 04 00 03 05 1A | success or wait | 683876757 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidasansdemibold.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 683901676 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansDemiBold.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b8aeb1 | success or wait | 683904906 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansDemiBold.ttf Offset: unknown Length: 4096 Value: 00 01 00 00 00 0F 00 80 00 03 00 70 4C 54 53 48 5F 52 D6 61 00 00 00 FC 00 00 06 86 4F 53 2F 32 0F B9 EA 15 00 00 07 84 00 00 00 56 63 6D 61 70 7A EB 24 4C 00 00 07 DC 00 00 05 5A 63 76 74 20 A9 04 DC 79 00 00 0D 38 00 00 05 68 66 70 67 6D 07 DB 31 8A 00 00 12 A0 00 00 07 BA 67 6C 79 66 F2 88 07 A2 | success or wait | 683905465 |
File other op | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansDemiBold.ttf New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d4ea6c | success or wait | 683935329 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansDemiBold.ttf Offset: unknown Length: 8192 Value: 00 01 8F 82 00 01 8F B4 00 01 8F E6 00 01 90 18 00 01 90 48 00 01 91 34 00 01 92 24 00 01 92 56 00 01 92 86 00 01 92 B4 00 01 92 E0 00 01 93 12 00 01 93 42 00 01 93 74 00 01 93 A4 00 01 93 D6 00 01 94 06 00 01 94 38 00 01 94 6A 00 01 94 E6 00 01 95 4C 00 01 96 6A 00 01 96 B4 00 01 97 1C 00 01 97 64 | success or wait | 683936025 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidasansregular.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 684557783 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansRegular.ttf Offset: unknown Length: 4096 Value: 00 01 00 00 00 12 01 00 00 04 00 20 47 44 45 46 BC DF BD 7C 00 09 E8 84 00 00 07 C6 47 50 4F 53 16 94 B8 CB 00 09 F0 4C 00 00 0E 48 47 53 55 42 CE AB 66 F2 00 09 FE 94 00 00 9B 0C 4C 54 53 48 89 88 92 E1 00 08 BE B0 00 00 0B 75 4F 53 2F 32 98 23 47 51 00 00 01 2C 00 00 00 56 63 6D 61 70 84 AF 34 D2 | success or wait | 686620690 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaSansRegular.ttf Offset: unknown Length: 4096 Value: 00 05 ED EA 00 05 EF 84 00 05 EF AA 00 05 EF D0 00 05 EF F8 00 05 F0 20 00 05 F1 22 00 05 F2 04 00 05 F3 8E 00 05 F5 14 00 05 F6 E4 00 05 F7 B6 00 05 F8 8E 00 05 F9 E8 00 05 FB 64 00 05 FC 9E 00 05 FD 86 00 05 FE BC 00 05 FE E4 00 06 00 54 00 06 00 7E 00 06 01 B4 00 06 03 24 00 06 04 18 00 06 05 76 | success or wait | 688581376 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidatypewriterbold.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 689992079 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaTypewriterBold.ttf Offset: unknown Length: 4096 Value: 00 01 00 00 00 0D 00 80 00 03 00 50 4F 53 2F 32 11 F4 E9 A6 00 00 00 DC 00 00 00 56 63 6D 61 70 57 1B 08 89 00 00 01 34 00 00 05 92 63 76 74 20 C1 4D 2F A7 00 00 06 C8 00 00 06 BC 66 70 67 6D 07 DB 31 8A 00 00 0D 84 00 00 07 BA 67 6C 79 66 7C 1E 9A 11 00 00 15 40 00 02 F7 0C 68 65 61 64 CC 9B 63 95 | success or wait | 689994053 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaTypewriterBold.ttf Offset: unknown Length: 4096 Value: 00 01 DC AE 00 01 DC C6 00 01 DD FE 00 01 DE 16 00 01 DF 7E 00 01 DF A2 00 01 E0 78 00 01 E0 9C 00 01 E0 C2 00 01 E1 FC 00 01 E3 1A 00 01 E3 32 00 01 E3 58 00 01 E3 7C 00 01 E4 A0 00 01 E4 C8 00 01 E4 F4 00 01 E5 04 00 01 E6 2A 00 01 E6 42 00 01 E6 80 00 01 E6 C0 00 01 E7 72 00 01 E7 96 00 01 E7 C8 | success or wait | 691251221 |
File opened | Path: C:\Program Files\Java\jre6\lib\fonts\lucidatypewriterregular.ttf Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 691347078 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaTypewriterRegular.ttf Offset: unknown Length: 4096 Value: 00 01 00 00 00 0D 00 80 00 03 00 50 4F 53 2F 32 EF 01 8B 73 00 00 00 DC 00 00 00 60 63 6D 61 70 EB 15 52 68 00 00 01 3C 00 00 08 04 63 76 74 20 6D AA A1 09 00 00 09 40 00 00 04 3C 66 70 67 6D 07 DB 31 8A 00 00 0D 7C 00 00 07 BA 67 6C 79 66 A1 BD 3B 7D 00 00 15 38 00 03 1D 12 68 65 61 64 CC 98 2C 6A | success or wait | 692097709 |
File read | Path: C:\Program Files\Java\jre6\lib\fonts\LucidaTypewriterRegular.ttf Offset: unknown Length: 8192 Value: 00 01 04 0E 00 01 04 72 00 01 06 82 00 01 07 9A 00 01 08 34 00 01 08 62 00 01 09 B4 00 01 0A 38 00 01 0A 48 00 01 0A 58 00 01 0A 68 00 01 0A 78 00 01 0A 88 00 01 0A 98 00 01 0A A8 00 01 0B A0 00 01 0C 9E 00 01 0C AE 00 01 0D 14 00 01 0D AC 00 01 0E 4C 00 01 0F 0A 00 01 0F D6 00 01 10 78 00 01 11 52 | success or wait | 696100867 |
File opened | Path: C:\Program Files\Java\jre6\lib\javaws.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 698394821 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 16384 Value: 50 4B 03 04 0A 00 00 00 00 00 D3 98 42 3E 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 4D 45 54 41 2D 49 4E 46 2F 50 4B 03 04 0A 00 00 00 00 00 D3 98 42 3E 6F 39 92 05 47 00 00 00 47 00 00 00 14 00 00 00 4D 45 54 41 2D 49 4E 46 2F 4D 41 4E 49 46 45 53 54 2E 4D 46 4D 61 6E 69 66 65 73 74 2D 56 65 | success or wait | 698982011 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 Value: 72 69 6E 67 3B 0C 00 0F 00 0D 0C 00 0B 00 09 0C 00 15 00 21 0C 00 16 00 21 0C 00 1B 00 21 0C 00 0B 00 22 0C 00 17 00 24 0C 00 10 00 25 0C 00 17 00 26 09 00 1E 00 27 0A 00 1D 00 2D 0A 00 1D 00 2F 0A 00 1E 00 29 0A 00 1E 00 2A 0A 00 1F 00 2C 0A 00 20 00 28 0A 00 20 00 2B 0A 00 20 00 2C 0A 00 20 00 2E | success or wait | 700882414 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 Value: 61 72 61 6D 65 74 65 72 73 01 00 19 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F 79 2F 75 74 69 6C 2F 54 72 61 63 65 01 00 1E 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F 79 2F 75 74 69 6C 2F 54 72 61 63 65 4C 65 76 65 6C 01 00 26 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F 79 2F 78 6D 6C 2F 58 4D 4C 41 74 74 72 69 | success or wait | 701359346 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 Value: 53 79 6E 74 68 65 74 69 63 01 00 01 5A 01 00 0A 61 63 63 65 73 73 24 31 30 30 01 00 03 61 64 64 01 00 20 63 6F 6D 2F 73 75 6E 2F 6A 61 76 61 77 73 2F 6A 6E 6C 2F 45 78 74 65 6E 73 69 6F 6E 44 65 73 63 01 00 1A 63 6F 6D 2F 73 75 6E 2F 6A 61 76 61 77 73 2F 6A 6E 6C 2F 4A 41 52 44 65 73 63 01 00 1A 63 | success or wait | 701996838 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 Value: 01 00 04 65 78 65 63 01 00 0B 65 78 65 63 50 72 6F 67 72 61 6D 01 00 11 65 78 65 63 75 74 65 49 6E 73 74 61 6C 6C 65 72 73 01 00 13 65 78 65 63 75 74 65 55 6E 69 6E 73 74 61 6C 6C 65 72 73 01 00 05 66 61 6C 73 65 01 00 04 66 69 6C 65 01 00 11 66 69 6C 65 52 65 61 64 57 72 69 74 65 4C 69 73 74 01 00 | success or wait | 702078397 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 Value: 49 6E 66 6F 3B 01 00 22 28 29 4C 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F 79 2F 75 69 2F 43 6F 6D 70 6F 6E 65 6E 74 52 65 66 3B 01 00 25 28 29 4C 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F 79 2F 75 74 69 6C 2F 4A 56 4D 50 61 72 61 6D 65 74 65 72 73 3B 01 00 23 28 4C 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F | success or wait | 703589979 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 32768 Value: 00 00 01 00 9C 00 00 00 1A 00 03 00 34 00 33 00 9F 00 02 00 35 00 34 00 9D 00 02 00 36 00 34 00 9E 00 02 50 4B 03 04 0A 00 00 00 00 00 CA 98 42 3E 74 B5 16 21 46 0F 00 00 46 0F 00 00 25 00 00 00 63 6F 6D 2F 73 75 6E 2F 6A 61 76 61 77 73 2F 4F 70 65 72 61 50 72 65 66 65 72 65 6E 63 65 73 2E 63 6C 61 | success or wait | 705498199 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 28672 Value: 75 6D 6E 01 00 16 72 65 73 2E 76 69 65 77 65 72 2E 73 69 7A 65 2E 63 6F 6C 75 6D 6E 01 00 15 72 65 73 2E 76 69 65 77 65 72 2E 75 72 6C 2E 63 6F 6C 75 6D 6E 01 00 19 72 65 73 2E 76 69 65 77 65 72 2E 76 65 72 73 69 6F 6E 2E 63 6F 6C 75 6D 6E 01 00 07 73 65 74 49 63 6F 6E 01 00 07 73 65 74 54 65 78 74 | success or wait | 706210360 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 Value: 63 6F 6D 2F 73 75 6E 2F 6A 61 76 61 77 73 2F 75 69 2F 44 6F 77 6E 6C 6F 61 64 57 69 6E 64 6F 77 24 36 01 00 09 67 65 74 53 74 72 69 6E 67 01 00 10 6A 61 76 61 2F 6C 61 6E 67 2F 4F 62 6A 65 63 74 01 00 12 6A 61 76 61 2F 6C 61 6E 67 2F 52 75 6E 6E 61 62 6C 65 01 00 12 70 72 6F 67 72 65 73 73 2E 6C 61 | success or wait | 706249183 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 65536 Value: 01 EE 0A 01 36 01 E2 0A 01 36 01 F3 0A 01 37 01 8B 0A 01 38 01 8B 0A 01 38 01 EB 0A 01 39 01 8D 0A 01 39 01 8E 0A 01 39 01 A4 0A 01 39 01 A5 0A 01 39 01 A8 0A 01 39 01 A9 0A 01 39 01 AA 0A 01 39 01 B0 0A 01 39 01 B2 0A 01 39 01 B4 0A 01 39 01 B8 0A 01 39 01 C6 0A 01 39 01 C8 0A 01 39 01 D5 0A 01 39 | success or wait | 706333631 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 8192 Value: 69 6C 65 3B 0C 00 0F 00 16 0C 00 04 00 01 0C 00 07 00 02 0C 00 04 00 03 0C 00 06 00 19 09 00 11 00 1A 0A 00 10 00 1E 0A 00 12 00 1C 0A 00 13 00 1D 0A 00 14 00 1B 01 00 04 43 6F 64 65 01 00 0C 49 6E 6E 65 72 43 6C 61 73 73 65 73 00 20 00 11 00 14 00 01 00 15 00 01 00 12 00 0F 00 16 00 01 00 05 00 00 | success or wait | 706421718 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 45056 Value: 65 74 41 73 73 6F 63 69 61 74 69 6F 6E 01 00 0B 73 65 74 4D 69 6D 65 54 79 70 65 01 00 07 73 65 74 4E 61 6D 65 01 00 0B 73 65 74 53 68 6F 72 74 63 75 74 01 00 09 73 75 62 73 74 72 69 6E 67 01 00 0B 74 6F 4C 6F 77 65 72 43 61 73 65 01 00 08 74 6F 53 74 72 69 6E 67 01 00 04 74 72 69 6D 01 00 1C 76 61 | success or wait | 706433501 |
File read | Path: C:\Program Files\Java\jre6\lib\javaws.jar Offset: unknown Length: 57344 Value: 65 74 2F 55 52 4C 3B 29 56 0C 00 0C 00 14 0C 00 0D 00 15 0C 00 02 00 01 0C 00 06 00 17 09 00 0F 00 19 09 00 0F 00 1A 0A 00 0E 00 1C 0A 00 11 00 1B 01 00 04 43 6F 64 65 01 00 0A 45 78 63 65 70 74 69 6F 6E 73 01 00 0C 49 6E 6E 65 72 43 6C 61 73 73 65 73 00 20 00 0F 00 11 00 01 00 13 00 02 00 12 00 0D | success or wait | 706493516 |
File opened | Path: C:\Program Files\Java\jre6\lib\jsse.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 706582098 |
File read | Path: C:\Program Files\Java\jre6\lib\jsse.jar Offset: unknown Length: 24576 Value: 67 3B 29 4C 6A 61 76 61 2F 73 65 63 75 72 69 74 79 2F 50 72 69 76 61 74 65 4B 65 79 3B 01 00 39 28 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 3B 29 5B 4C 6A 61 76 61 2F 73 65 63 75 72 69 74 79 2F 63 65 72 74 2F 58 35 30 39 43 65 72 74 69 66 69 63 61 74 65 3B 01 00 40 28 4C 6A 61 76 61 2F 6C | success or wait | 706585405 |
File opened | Path: C:\Program Files\Java\jre6\lib\logging.properties Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 706623316 |
File read | Path: C:\Program Files\Java\jre6\lib\logging.properties Offset: unknown Length: 2245 Value: 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 0A 23 20 20 09 44 65 66 61 75 6C 74 20 4C 6F 67 67 69 6E 67 20 43 6F 6E 66 69 67 75 72 61 74 69 6F 6E 20 46 69 6C 65 0A | success or wait | 706625583 |
File opened | Path: C:\Program Files\Java\jre6\lib\meta-index Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 706632915 |
File read | Path: C:\Program Files\Java\jre6\lib\meta-index Offset: unknown Length: 2338 Value: 25 20 56 45 52 53 49 4F 4E 20 32 0D 0A 25 20 57 41 52 4E 49 4E 47 3A 20 74 68 69 73 20 66 69 6C 65 20 69 73 20 61 75 74 6F 2D 67 65 6E 65 72 61 74 65 64 3B 20 64 6F 20 6E 6F 74 20 65 64 69 74 0D 0A 25 20 55 4E 53 55 50 50 4F 52 54 45 44 3A 20 74 68 69 73 20 66 69 6C 65 20 61 6E 64 20 69 74 73 20 66 | success or wait | 706634851 |
File opened | Path: C:\Program Files\Java\jre6\lib\net.properties Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 706641788 |
File read | Path: C:\Program Files\Java\jre6\lib\net.properties Offset: unknown Length: 3070 Value: 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 0A 23 20 20 09 44 65 66 61 75 6C 74 20 4E 65 74 77 6F 72 6B 69 6E 67 20 43 6F 6E 66 69 67 75 72 61 74 69 6F 6E 20 46 69 | success or wait | 706643725 |
File opened | Path: C:\Program Files\Java\jre6\lib\plugin.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 706651773 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 8192 Value: 50 4B 03 04 0A 00 00 00 00 00 41 99 42 3E 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 4D 45 54 41 2D 49 4E 46 2F 50 4B 03 04 0A 00 00 00 00 00 41 99 42 3E 6F 39 92 05 47 00 00 00 47 00 00 00 14 00 00 00 4D 45 54 41 2D 49 4E 46 2F 4D 41 4E 49 46 45 53 54 2E 4D 46 4D 61 6E 69 66 65 73 74 2D 56 65 | success or wait | 706653935 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 8192 Value: 13 2B BB 00 6A 59 B7 00 B8 B6 00 A8 2B 04 B6 00 A7 2B B0 00 00 00 00 00 00 50 4B 03 04 0A 00 00 00 00 00 3A 99 42 3E 00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 73 75 6E 2F 70 6C 75 67 69 6E 2F 63 61 63 68 65 2F 50 4B 03 04 0A 00 00 00 00 00 3A 99 42 3E E0 10 85 D4 13 08 00 00 13 08 00 00 28 00 | success or wait | 706670476 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 36864 Value: 67 2F 53 74 72 69 6E 67 42 75 66 66 65 72 3B 01 00 57 28 4C 73 75 6E 2F 70 6C 75 67 69 6E 2F 65 78 74 65 6E 73 69 6F 6E 2F 45 78 74 65 6E 73 69 6F 6E 49 6E 73 74 61 6C 6C 61 74 69 6F 6E 49 6D 70 6C 3B 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 3B 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 | success or wait | 706685565 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 40960 Value: 6E 2F 6E 65 74 2F 63 6F 6F 6B 69 65 2F 4E 65 74 73 63 61 70 65 34 43 6F 6F 6B 69 65 48 61 6E 64 6C 65 72 2E 63 6C 61 73 73 CA FE BA BE 00 00 00 30 00 71 08 00 0B 08 00 0D 08 00 0E 08 00 12 08 00 13 01 00 03 28 29 56 01 00 03 28 29 5A 01 00 04 28 49 29 49 01 00 06 3C 69 6E 69 74 3E 01 00 04 43 6F 64 | success or wait | 706757660 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 8192 Value: 6F 6B 69 65 48 61 6E 64 6C 65 72 3B 01 00 2D 28 29 4C 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F 79 2F 6E 65 74 2F 6F 66 66 6C 69 6E 65 2F 4F 66 66 6C 69 6E 65 48 61 6E 64 6C 65 72 3B 01 00 2F 28 29 4C 63 6F 6D 2F 73 75 6E 2F 64 65 70 6C 6F 79 2F 6E 65 74 2F 70 72 6F 78 79 2F 42 72 6F 77 73 65 72 50 72 | success or wait | 706832618 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 28672 Value: C7 1F BE FE 9D EF 77 2D 0D 36 0D 55 8D 9C C6 E2 23 70 44 79 E4 E9 F7 09 DF F7 1E 0D 3A DA 76 8C 7B AC E1 07 D3 1F 76 1D 67 1D 2F 6A 42 9A F2 9A 46 9B 53 9A FB 5B 62 5B BA 4F CC 3E D1 D6 EA DE 7A FC 47 DB 1F 0F 9C 34 3C 59 79 4A F3 54 C9 69 DA E9 82 D3 93 67 F2 CF 8C 9D 95 9D 7D 7E 2E F9 DC 60 DB A2 | success or wait | 706847030 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 36864 Value: 63 48 52 4D 00 00 7A 25 00 00 80 83 00 00 F9 FF 00 00 80 E9 00 00 75 30 00 00 EA 60 00 00 3A 98 00 00 17 6F 92 5F C5 46 00 00 14 25 49 44 41 54 78 DA EC 9D 79 94 1D 55 9D C7 3F BD 27 DD 9D 85 34 D9 20 84 6C 64 21 89 89 C0 30 48 06 07 64 58 0C 51 06 C2 22 8A 3A 84 45 E1 88 A3 38 10 D4 D1 91 19 07 38 | success or wait | 706890044 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 65536 Value: 00 C2 01 07 09 00 C2 01 08 09 00 C2 01 09 09 00 C2 01 0A 09 00 C2 01 0B 09 00 C2 01 0C 0A 00 A7 01 2F 0A 00 A8 01 26 0A 00 A9 01 43 0A 00 A9 01 44 0A 00 AA 01 32 0A 00 AB 01 10 0A 00 AC 01 1A 0A 00 AC 01 41 0A 00 AE 01 1D 0A 00 AE 01 2D 0A 00 B0 01 10 0A 00 B0 01 46 0A 00 B2 01 10 0A 00 B2 01 15 0A | success or wait | 706954137 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 16384 Value: 0C 00 D8 01 75 0C 00 7A 01 76 0C 00 38 01 77 0C 00 D3 01 78 0C 00 DD 01 79 0C 00 96 01 7A 0C 00 9C 01 7A 0C 00 9D 01 7A 0C 00 EF 01 7B 0C 00 EE 01 7C 0C 00 5B 01 7D 0C 00 38 01 7E 0C 00 D5 01 7F 0C 00 53 01 80 0C 00 53 01 81 0C 00 A5 01 82 0C 00 63 01 83 0C 00 DF 01 84 0C 00 DA 01 85 0C 00 ED 01 87 | success or wait | 707743692 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 65536 Value: 54 69 74 6C 65 01 00 0E 73 65 74 55 6E 64 65 63 6F 72 61 74 65 64 01 00 0A 73 65 74 56 69 73 69 62 6C 65 01 00 12 73 65 74 75 70 43 6C 6F 73 65 4C 69 73 74 65 6E 65 72 01 00 0B 73 65 74 75 70 57 69 6E 64 6F 77 01 00 09 73 75 62 73 74 72 69 6E 67 01 00 1D 73 75 6E 2F 70 6C 75 67 69 6E 32 2F 61 70 70 | success or wait | 707766017 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 65536 Value: 04 BA B6 04 B9 B2 04 07 B8 04 4E 19 0C 15 18 B9 05 06 02 00 36 0D 15 06 9A 00 0E 15 0D 99 00 09 B2 04 0E 99 01 03 1C 99 00 0E 2A 13 02 31 04 B8 04 B7 B6 04 EB 15 15 9A 00 20 2A 13 02 30 19 16 B6 04 EB BB 02 5E 59 19 16 09 09 19 10 B6 04 76 01 01 B7 04 78 3A 17 B2 04 0C 99 00 70 BB 02 78 59 B7 04 B8 | success or wait | 707846825 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 49152 Value: 50 6C 75 67 69 6E 32 4D 61 6E 61 67 65 72 24 41 70 70 6C 65 74 45 78 65 63 75 74 69 6F 6E 52 75 6E 6E 61 62 6C 65 24 31 2E 63 6C 61 73 73 CA FE BA BE 00 00 00 30 00 61 08 00 09 08 00 0B 01 00 03 28 29 49 01 00 03 28 29 56 01 00 03 28 29 5A 01 00 05 28 49 49 29 56 01 00 04 28 5A 29 56 01 00 06 3C 69 | success or wait | 707958527 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 65536 Value: 72 3B 01 00 64 28 4C 73 75 6E 2F 70 6C 75 67 69 6E 32 2F 61 70 70 6C 65 74 2F 76 69 65 77 65 72 2F 4A 4E 4C 50 32 56 69 65 77 65 72 3B 4C 6A 61 76 61 2F 6C 61 6E 67 2F 54 68 72 65 61 64 47 72 6F 75 70 3B 4C 73 75 6E 2F 70 6C 75 67 69 6E 32 2F 61 70 70 6C 65 74 2F 50 6C 75 67 69 6E 32 4D 61 6E 61 67 | success or wait | 708016430 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 65536 Value: 6C 61 6E 67 2F 4F 62 6A 65 63 74 3B 5A 29 56 01 00 14 28 29 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 3B 01 00 15 28 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 74 72 69 6E 67 3B 29 56 01 00 22 28 4C 6A 61 76 61 2F 6C 61 6E 67 2F 72 65 66 6C 65 63 74 2F 43 6F 6E 73 74 72 75 63 74 6F 72 3B 29 56 01 | success or wait | 708122794 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 65536 Value: 69 6F 6E 44 65 6C 65 67 61 74 65 01 00 15 4A 61 76 61 4E 61 6D 65 53 70 61 63 65 44 65 6C 65 67 61 74 65 01 00 11 4C 69 76 65 43 6F 6E 6E 65 63 74 57 6F 72 6B 65 72 01 00 0D 50 65 72 41 70 70 6C 65 74 49 6E 66 6F 00 20 00 E1 00 CC 00 00 00 0F 00 02 00 43 00 29 00 00 00 02 00 93 00 F8 00 00 00 02 00 | success or wait | 708213257 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 28672 Value: 69 6E 32 2F 6D 61 69 6E 2F 63 6C 69 65 6E 74 2F 50 6C 75 67 69 6E 4D 61 69 6E 3B 01 00 7A 28 4C 73 75 6E 2F 70 6C 75 67 69 6E 32 2F 6D 61 69 6E 2F 63 6C 69 65 6E 74 2F 50 6C 75 67 69 6E 4D 61 69 6E 24 50 6C 75 67 69 6E 4D 61 69 6E 44 72 61 67 4C 69 73 74 65 6E 65 72 24 31 3B 29 4C 73 75 6E 2F 70 6C | success or wait | 708288653 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 65536 Value: 6E 74 72 6F 6C 57 69 6E 64 6F 77 01 00 07 68 61 6E 64 6C 65 72 01 00 06 68 65 69 67 68 74 01 00 17 69 43 72 65 61 74 65 64 4D 61 69 6E 54 68 72 65 61 64 45 76 65 6E 74 01 00 12 69 64 65 6E 74 69 66 69 65 72 54 6F 53 74 72 69 6E 67 01 00 07 69 6E 64 65 78 4F 66 01 00 09 69 6E 69 74 43 61 75 73 65 01 | success or wait | 708333687 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 65536 Value: 01 00 05 73 74 61 72 74 01 00 20 73 75 6E 2F 70 6C 75 67 69 6E 32 2F 6D 65 73 73 61 67 65 2F 43 6F 6E 76 65 72 73 61 74 69 6F 6E 01 00 18 73 75 6E 2F 70 6C 75 67 69 6E 32 2F 6D 65 73 73 61 67 65 2F 50 69 70 65 01 00 25 73 75 6E 2F 70 6C 75 67 69 6E 32 2F 6D 65 73 73 61 67 65 2F 50 69 70 65 24 57 6F | success or wait | 708753937 |
File read | Path: C:\Program Files\Java\jre6\lib\plugin.jar Offset: unknown Length: 57344 Value: 0C 00 30 00 5D 0C 00 2E 00 5E 0C 00 2F 00 5E 0C 00 4E 00 5E 0C 00 4F 00 5E 0C 00 31 00 5F 0C 00 48 00 60 0C 00 1E 00 61 0C 00 3E 00 61 0C 00 44 00 61 0C 00 29 00 62 0C 00 47 00 62 0C 00 1E 00 64 0C 00 2D 00 65 0C 00 32 00 65 0C 00 33 00 65 0C 00 46 00 66 0C 00 27 00 67 0C 00 50 00 68 0C 00 2C 00 69 | success or wait | 708787579 |
File opened | Path: C:\Program Files\Java\jre6\lib\resources.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 708814065 |
File read | Path: C:\Program Files\Java\jre6\lib\resources.jar Offset: unknown Length: 16384 Value: 6D 65 64 20 6F 67 69 6C 74 69 67 20 73 74 61 74 75 73 20 28 6D E5 73 74 65 20 76 61 72 61 20 77 61 69 74 29 0A 72 6D 69 64 2E 65 78 65 63 2E 70 6F 6C 69 63 79 2E 65 78 63 65 70 74 69 6F 6E 3D 72 6D 69 64 5C 3A 20 66 F6 72 73 F6 6B 20 61 74 74 20 68 E4 6D 74 61 20 74 68 72 6F 77 73 20 66 F6 72 20 65 | success or wait | 708815536 |
File read | Path: C:\Program Files\Java\jre6\lib\resources.jar Offset: unknown Length: 65536 Value: 08 08 08 08 08 08 FF FF FF 0C 08 09 09 09 09 09 09 09 09 09 09 08 08 08 08 08 08 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 | success or wait | 708825982 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 708860193 |
File read | Path: C:\Program Files\Java\jre6\lib\resources.jar Offset: unknown Length: 36864 Value: 61 DD ED 00 01 90 94 00 01 90 F1 00 01 91 11 00 02 D8 61 DF 2E 00 01 91 1B 00 01 92 38 00 01 92 D7 00 01 92 D8 00 01 92 7C 00 01 93 F9 00 01 94 15 00 02 D8 62 DF FA 00 01 95 8B 00 01 49 95 00 01 95 B7 00 02 D8 63 DD 77 00 01 49 E6 00 01 96 C3 00 01 5D B2 00 01 97 23 00 02 D8 64 DD 45 00 02 D8 64 DE | success or wait | 708861344 |
File read | Path: C:\Program Files\Java\jre6\lib\resources.jar Offset: unknown Length: 28672 Value: 03 CC 03 CF 03 D5 03 D2 03 CC 03 CF 03 D5 03 D2 03 CC 03 CF 03 D5 03 D2 03 CC 03 CF 03 D5 03 D2 03 CC 03 CF 03 D5 03 D2 03 CC 03 CF 03 D5 03 D2 03 CC 03 CF 03 D5 03 D2 03 CC 03 CF 03 D5 03 D2 03 CC 03 D2 03 CC 03 D2 03 CC 03 D2 03 CC 03 D2 03 CC 03 D2 03 CC 03 D2 03 CC 03 CF 03 D5 03 D2 03 CC 03 CF | success or wait | 708879430 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 708879757 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 708879951 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 708882667 |
File opened | Path: C:\Program Files\Java\jre6\lib\rt.jar Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 709234073 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 20480 Value: 69 2F 74 72 61 6E 73 70 6F 72 74 2F 54 72 61 6E 73 70 6F 72 74 44 65 66 61 75 6C 74 24 32 01 00 31 63 6F 6D 2F 73 75 6E 2F 63 6F 72 62 61 2F 73 65 2F 73 70 69 2F 74 72 61 6E 73 70 6F 72 74 2F 54 72 61 6E 73 70 6F 72 74 44 65 66 61 75 6C 74 24 33 01 00 10 6A 61 76 61 2F 6C 61 6E 67 2F 4F 62 6A 65 63 | success or wait | 709234711 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 32768 Value: 69 6F 6E 20 6D 65 74 68 6F 64 20 28 6E 6F 74 20 30 29 21 01 00 1E 55 6E 6B 6E 6F 77 6E 20 66 69 6C 74 65 72 20 6D 65 74 68 6F 64 20 28 6E 6F 74 20 30 29 21 01 00 26 55 6E 6B 6E 6F 77 6E 20 69 6E 74 65 72 6C 61 63 65 20 6D 65 74 68 6F 64 20 28 6E 6F 74 20 30 20 6F 72 20 31 29 21 01 00 1B 55 6E 6B 6E | success or wait | 709246534 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 24576 Value: 00 18 00 26 0A 00 18 00 2B 0A 00 19 00 25 0A 00 1A 00 27 0A 00 1A 00 29 0A 00 1B 00 25 0A 00 1B 00 28 0A 00 1B 00 2A 01 00 04 49 6D 70 6C 04 21 00 18 00 19 00 01 00 17 00 01 00 42 00 14 00 1D 00 01 00 09 00 00 00 02 00 1E 00 05 00 01 00 05 00 02 00 01 00 06 00 00 00 11 00 01 00 01 00 00 00 05 2A B7 | success or wait | 709263937 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 12288 Value: 3E 9D 27 58 76 3A 1A 00 00 3A 1A 00 00 36 00 00 00 63 6F 6D 2F 73 75 6E 2F 6A 61 76 61 2F 73 77 69 6E 67 2F 70 6C 61 66 2F 6D 6F 74 69 66 2F 4D 6F 74 69 66 47 72 61 70 68 69 63 73 55 74 69 6C 73 2E 63 6C 61 73 73 CA FE BA BE 00 00 00 31 01 44 08 00 06 08 00 0F 08 00 16 08 00 45 08 00 68 01 00 00 01 | success or wait | 709276685 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 8192 Value: 79 42 69 6E 64 69 6E 67 52 65 67 69 73 74 65 72 65 64 01 00 0A 69 73 53 65 6C 65 63 74 65 64 01 00 0E 6A 61 76 61 2F 61 77 74 2F 43 6F 6C 6F 72 01 00 10 6A 61 76 61 2F 61 77 74 2F 54 6F 6F 6C 6B 69 74 01 00 15 6A 61 76 61 78 2F 73 77 69 6E 67 2F 41 63 74 69 6F 6E 4D 61 70 01 00 1A 6A 61 76 61 78 2F | success or wait | 709282828 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 4096 | success or wait | 709287170 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 28672 | success or wait | 709289232 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 28672 | success or wait | 709303801 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 709319097 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 709352119 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 709384135 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 709411648 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 28672 | success or wait | 709688715 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 709706285 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 709736240 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 709767977 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 709792851 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 709828015 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 20480 | success or wait | 709859383 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 8192 | success or wait | 709870127 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 8192 | success or wait | 709876521 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 8192 | success or wait | 709883050 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 32768 | success or wait | 709886972 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 16384 | success or wait | 709904038 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 32768 | success or wait | 709912148 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 710175022 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 12288 | success or wait | 710205230 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 28672 | success or wait | 710211270 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 710226104 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 24576 | success or wait | 710261663 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 8192 | success or wait | 710273461 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 40960 | success or wait | 710279340 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 20480 | success or wait | 710298291 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 12288 | success or wait | 710308909 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 40960 | success or wait | 710316203 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 710335106 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 12288 | success or wait | 710364239 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 710370869 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 4096 | success or wait | 710401607 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 40960 | success or wait | 710404916 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 710679836 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 4096 | success or wait | 710719879 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 4096 | success or wait | 710722565 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 20480 | success or wait | 710724647 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 4096 | success or wait | 710735486 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 710737023 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 65536 | success or wait | 710770978 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 49152 | success or wait | 710796919 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 24576 | success or wait | 710824480 |
File read | Path: C:\Program Files\Java\jre6\lib\rt.jar Offset: unknown Length: 49152 | success or wait | 710837214 |
File opened | Path: C:\Program Files\Java\jre6\lib\security\blacklist Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715163519 |
File read | Path: C:\Program Files\Java\jre6\lib\security\blacklist Offset: unknown Length: 92 Value: 23 20 4A 4E 4C 50 41 70 70 6C 65 74 4C 61 75 6E 63 68 65 72 20 61 70 70 6C 65 74 2D 6C 61 75 6E 63 68 65 72 2E 6A 61 72 0A 53 48 41 31 2D 44 69 67 65 73 74 2D 4D 61 6E 69 66 65 73 74 3A 20 35 42 6F 35 2F 65 67 38 39 32 68 51 39 6D 67 62 55 57 35 36 69 44 6D 73 70 31 6B 3D 0A | success or wait | 715164417 |
File opened | Path: C:\Program Files\Java\jre6\lib\security\java.policy Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715165490 |
File read | Path: C:\Program Files\Java\jre6\lib\security\java.policy Offset: unknown Length: 2253 Value: 0A 2F 2F 20 53 74 61 6E 64 61 72 64 20 65 78 74 65 6E 73 69 6F 6E 73 20 67 65 74 20 61 6C 6C 20 70 65 72 6D 69 73 73 69 6F 6E 73 20 62 79 20 64 65 66 61 75 6C 74 0A 0A 67 72 61 6E 74 20 63 6F 64 65 42 61 73 65 20 22 66 69 6C 65 3A 24 7B 7B 6A 61 76 61 2E 65 78 74 2E 64 69 72 73 7D 7D 2F 2A 22 20 7B | success or wait | 715166211 |
File opened | Path: C:\Program Files\Java\jre6\lib\security\java.security Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715169137 |
File read | Path: C:\Program Files\Java\jre6\lib\security\java.security Offset: unknown Length: 9979 Value: 23 0A 23 20 54 68 69 73 20 69 73 20 74 68 65 20 22 6D 61 73 74 65 72 20 73 65 63 75 72 69 74 79 20 70 72 6F 70 65 72 74 69 65 73 20 66 69 6C 65 22 2E 0A 23 0A 23 20 49 6E 20 74 68 69 73 20 66 69 6C 65 2C 20 76 61 72 69 6F 75 73 20 73 65 63 75 72 69 74 79 20 70 72 6F 70 65 72 74 69 65 73 20 61 72 65 | success or wait | 715169855 |
File opened | Path: C:\Program Files\Java\jre6\lib\security\javaws.policy Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715428528 |
File read | Path: C:\Program Files\Java\jre6\lib\security\javaws.policy Offset: unknown Length: 109 Value: 2F 2F 20 25 57 25 20 25 45 25 0A 0A 67 72 61 6E 74 20 63 6F 64 65 42 61 73 65 20 22 66 69 6C 65 3A 24 7B 6A 6E 6C 70 78 2E 68 6F 6D 65 7D 2F 6A 61 76 61 77 73 2E 6A 61 72 22 20 7B 0A 20 20 20 20 70 65 72 6D 69 73 73 69 6F 6E 20 6A 61 76 61 2E 73 65 63 75 72 69 74 79 2E 41 6C 6C 50 65 72 6D 69 73 73 | success or wait | 715429270 |
File opened | Path: C:\Program Files\Java\jre6\lib\tzmappings Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715430382 |
File read | Path: C:\Program Files\Java\jre6\lib\tzmappings Offset: unknown Length: 7961 Value: 23 0A 23 20 25 57 25 20 25 45 25 0A 23 20 0A 23 20 54 68 69 73 20 66 69 6C 65 20 64 65 73 63 72 69 62 65 73 20 6D 61 70 70 69 6E 67 20 69 6E 66 6F 72 6D 61 74 69 6F 6E 20 62 65 74 77 65 65 6E 20 57 69 6E 64 6F 77 73 20 61 6E 64 20 4A 61 76 61 0A 23 20 74 69 6D 65 20 7A 6F 6E 65 73 2E 0A 23 20 46 6F | success or wait | 715431098 |
File opened | Path: C:\Program Files\Java\jre6\lib\zi\gmt Access: read attributes and synchronize and generic read Options: sequential only and synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715436245 |
File read | Path: C:\Program Files\Java\jre6\lib\zi\GMT Offset: unknown Length: 27 Value: 6A 61 76 61 7A 69 00 01 01 00 04 00 00 00 00 02 00 02 00 00 03 00 04 00 00 00 00 | success or wait | 715437160 |
File opened | Path: C:\Program Files\Java\jre6\bin\awt.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715439070 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\awt.dll Access: write and read and execute Type: commit Baseaddress: 1620000 Size: 1208320 Protection: execute Mapped to pid: own pid | success or wait | 715440762 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\awt.dll Access: query and write and read and execute Type: image Baseaddress: 6D000000 Size: 1351680 Protection: read write Mapped to pid: own pid | success or wait | 715442654 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 715443328 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715448902 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715449538 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715454074 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715515297 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715516009 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715519059 |
File opened | Path: C:\Program Files\Java\jre6\bin\client\jvm.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715551685 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\client\jvm.dll Access: write and read and execute Type: commit Baseaddress: 1620000 Size: 2695168 Protection: execute Mapped to pid: own pid | success or wait | 715553112 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\client\jvm.dll Access: query and write and read and execute Type: image Baseaddress: 6D7F0000 Size: 2777088 Protection: read write Mapped to pid: own pid | success or wait | 715554932 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 715555573 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715561128 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715561756 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715564507 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715650541 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715651271 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715654354 |
File opened | Path: C:\Program Files\Java\jre6\bin\dcpr.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715745960 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\dcpr.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 143360 Protection: execute Mapped to pid: own pid | success or wait | 715747748 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\dcpr.dll Access: query and write and read and execute Type: image Baseaddress: 6D1A0000 Size: 143360 Protection: read write Mapped to pid: own pid | success or wait | 715749556 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 715750186 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715755508 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715756114 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715758825 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715796851 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715797476 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715800144 |
File opened | Path: C:\Program Files\Java\jre6\bin\deploy.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715829188 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\deploy.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 77824 Protection: execute Mapped to pid: own pid | success or wait | 715830028 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\deploy.dll Access: query and write and read and execute Type: image Baseaddress: 6D1D0000 Size: 77824 Protection: read write Mapped to pid: own pid | success or wait | 715831738 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 715832339 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715837907 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715838533 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715841294 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715875777 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715876401 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715879059 |
File opened | Path: C:\Program Files\Java\jre6\bin\fontmanager.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715908034 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\fontmanager.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 323584 Protection: execute Mapped to pid: own pid | success or wait | 715909599 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\fontmanager.dll Access: query and write and read and execute Type: image Baseaddress: 6D230000 Size: 323584 Protection: read write Mapped to pid: own pid | success or wait | 715911320 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 715911921 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715917473 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715918097 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715920877 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 715959398 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 715960103 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 715963116 |
File opened | Path: C:\Program Files\Java\jre6\bin\hpi.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 715995928 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\hpi.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 16384 Protection: execute Mapped to pid: own pid | success or wait | 715997378 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\hpi.dll Access: query and write and read and execute Type: image Baseaddress: 6D280000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 715999044 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 715999569 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716005168 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716005796 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 716008541 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716040478 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716041101 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 716043775 |
File opened | Path: C:\Program Files\Java\jre6\bin\java.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 716072543 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\java.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 126976 Protection: execute Mapped to pid: own pid | success or wait | 716073899 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\java.dll Access: query and write and read and execute Type: image Baseaddress: 6D320000 Size: 126976 Protection: read write Mapped to pid: own pid | success or wait | 716075580 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 716076179 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716081722 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716082346 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 716085096 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716119797 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716120420 |
Process information queried | PID: 400 Info Class: Wow64Information | success or wait | 716123076 |
File opened | Path: C:\Program Files\Java\jre6\bin\javaw.exe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 716151411 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\javaw.exe Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 147456 Protection: execute Mapped to pid: own pid | success or wait | 716152252 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\javaw.exe Access: query and write and read and execute Type: image Baseaddress: 1210000 Size: 147456 Protection: read write Mapped to pid: own pid | conflicting addresses | 716154088 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 716155536 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716161080 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716162078 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716200136 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716200760 |
File opened | Path: C:\Program Files\Java\jre6\bin\jp2native.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 716232524 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jp2native.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 8192 Protection: execute Mapped to pid: own pid | success or wait | 716234105 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jp2native.dll Access: query and write and read and execute Type: image Baseaddress: 6D420000 Size: 24576 Protection: read write Mapped to pid: own pid | success or wait | 716235794 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 716236367 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716241735 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716242341 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716281027 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716283117 |
File opened | Path: C:\Program Files\Java\jre6\bin\jpeg.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 716319407 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jpeg.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 151552 Protection: execute Mapped to pid: own pid | success or wait | 716320214 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jpeg.dll Access: query and write and read and execute Type: image Baseaddress: 6D440000 Size: 151552 Protection: read write Mapped to pid: own pid | success or wait | 716321920 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 716322577 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716327955 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716328563 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716609714 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716610344 |
File opened | Path: C:\Program Files\Java\jre6\bin\msvcr71.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 716641824 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 716642220 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716644387 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716645018 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716936089 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716936718 |
File opened | Path: C:\Program Files\Java\jre6\bin\net.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 716969428 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\net.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 77824 Protection: execute Mapped to pid: own pid | success or wait | 716971003 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\net.dll Access: query and write and read and execute Type: image Baseaddress: 6D600000 Size: 77824 Protection: read write Mapped to pid: own pid | success or wait | 716972774 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 716973373 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 716978972 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 716979600 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 717015902 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 717016574 |
File opened | Path: C:\Program Files\Java\jre6\bin\nio.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 717048349 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\nio.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 20480 Protection: execute Mapped to pid: own pid | success or wait | 717049192 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\nio.dll Access: query and write and read and execute Type: image Baseaddress: 6D620000 Size: 36864 Protection: read write Mapped to pid: own pid | success or wait | 717050938 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 717051530 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 717057359 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 717057989 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 717094255 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 717094880 |
File opened | Path: C:\Program Files\Java\jre6\bin\regutils.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 717126905 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\regutils.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 278528 Protection: execute Mapped to pid: own pid | success or wait | 717128397 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\regutils.dll Access: query and write and read and execute Type: image Baseaddress: 6D6A0000 Size: 286720 Protection: read write Mapped to pid: own pid | success or wait | 717130111 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 717130689 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 717136028 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 717136632 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 717181577 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 717182225 |
File opened | Path: C:\Program Files\Java\jre6\bin\verify.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 717212581 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\verify.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 32768 Protection: execute Mapped to pid: own pid | success or wait | 717214075 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\verify.dll Access: query and write and read and execute Type: image Baseaddress: 6D7A0000 Size: 49152 Protection: read write Mapped to pid: own pid | success or wait | 717215789 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 717216378 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 717221850 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 717222458 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 717256571 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 717257183 |
File opened | Path: C:\Program Files\Java\jre6\bin\zip.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 717287967 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\zip.dll Access: write and read and execute Type: commit Baseaddress: 1210000 Size: 49152 Protection: execute Mapped to pid: own pid | success or wait | 717288719 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\zip.dll Access: query and write and read and execute Type: image Baseaddress: 6D7E0000 Size: 61440 Protection: read write Mapped to pid: own pid | success or wait | 717290757 |
Process information queried | PID: 400 Info Class: BasicInformation | success or wait | 717291391 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 717296768 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 717297375 |
Section loaded | Path: \KnownDlls\SETUPAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 717331824 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 717332425 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 826792653 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 826792920 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 826793104 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 826797001 |
Sections
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
System Activities:
User Activities:
Chronological sections
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 554575197 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 554583367 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 555072716 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 555089906 |
System info queried | Type: ProcessInformation | success or wait | 555380534 |
Message posted | TID: 1B4 Message: 402 WParam: 1780 LParam: 0 | success | 555396517 |
Section loaded | Path: \KnownDlls\WS2_32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 556164145 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute Type: image Baseaddress: 71AB0000 Size: 94208 Protection: read write Mapped to pid: own pid | success or wait | 556172063 |
Section loaded | Path: \KnownDlls\WS2HELP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 556800249 |
Section loaded | Path: C:\WINDOWS\system32\ws2help.dll Access: query and write and read and execute Type: image Baseaddress: 71AA0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 556809406 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 556921080 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 920000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 558139625 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 558253270 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 559761440 |
System info queried | Type: ProcessInformation | success or wait | 563795009 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564549582 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564677847 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e20459 | success or wait | 564690974 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564701166 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8b915d | success or wait | 564717371 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564742601 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564751075 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f472ff | success or wait | 564769270 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564777447 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9f827 | success or wait | 564788297 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564797830 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565740340 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565755140 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565765883 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 565791052 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e20459 | success or wait | 565802972 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 565811738 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8b915d | success or wait | 565922809 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 565932726 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 565961611 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f472ff | success or wait | 565974421 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 566002753 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9f827 | success or wait | 566013463 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566022678 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566662988 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566673485 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566716384 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 566763411 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e20459 | success or wait | 566771823 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 567730284 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8b915d | success or wait | 567771399 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 567780499 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 567790935 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f472ff | success or wait | 567838085 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 567856398 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9f827 | success or wait | 567866149 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 567881844 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568118593 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568139651 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568158488 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568214907 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e20459 | success or wait | 568224404 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 568356474 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8b915d | success or wait | 568367569 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568376388 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 568622191 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f472ff | success or wait | 568632373 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568640473 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9f827 | success or wait | 568650907 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568659749 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568773076 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568784043 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568793875 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568864365 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e20459 | success or wait | 568876349 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 568934606 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8b915d | success or wait | 568948176 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568994397 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 569020315 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f472ff | success or wait | 569151838 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 569163663 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a9f827 | success or wait | 569172686 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569187200 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569273187 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569281988 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569293188 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 569321703 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e2e687 | success or wait | 569334838 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 569366304 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8ce0ea | success or wait | 569447638 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 569610283 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 569734165 |
System info queried | Type: ProcessInformation | success or wait | 569734807 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1023565 | success or wait | 569794044 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 570230046 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ff88c3 | success or wait | 570243768 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: 950000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 570255567 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570341691 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570400517 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 570414122 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 570553300 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571025519 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571046533 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 571053907 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571064091 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 571067765 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571071399 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571075184 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 571089409 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571103837 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 571107552 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571110471 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571142630 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571151644 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571160764 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571185969 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 571194383 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571202241 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 571209333 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571218317 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571275423 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 571287681 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571881663 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 571891021 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571896115 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571975526 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571979490 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571982203 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571991695 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 571995582 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571998187 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 572013718 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572016745 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572056845 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 572060597 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572077503 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 572080240 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572082982 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572110169 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572123076 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572126706 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572144842 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 572149267 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572187682 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 572189962 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572192502 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572194546 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 572197318 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572200115 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 572202574 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572206426 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572263444 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572266553 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 572269291 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 572296926 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572713111 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572721335 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 572723718 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572727629 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 573048593 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573053695 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573056447 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 573095333 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573097746 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 573100023 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573102912 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573135670 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573137863 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573154019 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573162085 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 573164945 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573202326 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 573206070 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573208169 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573210917 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 573213842 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573216499 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 573219295 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573257461 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573284854 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573289597 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573303345 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573310809 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 573365723 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573373018 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 573380585 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573386885 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573395906 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 573401870 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573408971 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 573416634 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573422401 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573489912 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573495500 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573542717 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573582637 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 573591594 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573598980 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 573605916 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573611814 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573618408 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 573625567 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573630659 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 573669787 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573690908 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574517491 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574528171 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574554168 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574583813 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 574610695 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574617048 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 574622606 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574627770 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574634615 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 574640430 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574646379 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 574653182 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574658632 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574841986 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574848243 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574874995 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574915602 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 574945687 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574951210 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 574956974 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574962770 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574969250 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 574973762 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574980752 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 574985511 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574990085 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575030836 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575035379 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575041337 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575079891 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16bf9ce | success or wait | 575087233 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575092216 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1dd66fd | success or wait | 575097359 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575101514 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575104816 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9486a5 | success or wait | 575113307 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575122162 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@113c116 | success or wait | 575126733 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 950000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575131012 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575172083 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575176094 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575180428 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575201516 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e9c245 | success or wait | 575233038 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575240358 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d1702e | success or wait | 575248029 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575262803 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 575267785 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11beb4d | success or wait | 575271859 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 575278188 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f51d36 | success or wait | 575284625 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: 950000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 575289334 |
Memory attributes changed | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575327254 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575353724 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@150dcd3 | success or wait | 575379841 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575383452 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d1a35e | success or wait | 575387714 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575392619 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 575396759 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3cb1e1 | success or wait | 575402285 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 575409396 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c23942 | success or wait | 575414358 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: 950000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 575418415 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 576747465 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13d4787 | success or wait | 576753792 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 576758316 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22fe09 | success or wait | 576762650 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 576766941 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 576772221 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1542c06 | success or wait | 576778469 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 576783569 |
System info queried | Type: ProcessInformation | success or wait | 576785159 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1166179 | success or wait | 576795539 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: 1040000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 576800457 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 577239601 |
Thread created | PID: 420 TID: 4076 EIP: 7C8106F9 Imagepath: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE | success or wait | 577288123 |
Thread resumed | TID: 4076 PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE | success or wait | 577293419 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 577301124 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 577325003 |
Thread created | PID: 420 TID: 4088 EIP: 7C8106F9 Imagepath: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE | success or wait | 577326319 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 577515979 |
Thread resumed | TID: 4088 PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE | success or wait | 577518284 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 578395161 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 578728693 |
Memory allocated | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 8E0000 Length: 12CFF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 578937465 |
Memory allocated | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 950000 Length: 12CFE78 Allocation Type: unknown Protection: page read and write | success or wait | 578950111 |
Memory allocated | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 950000 Length: 12CFE7C Allocation Type: unknown Protection: page read and write | success or wait | 578955366 |
Memory allocated | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 951000 Length: 12CFB58 Allocation Type: unknown Protection: page read and write | success or wait | 578960731 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 578964094 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 578968188 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 578972720 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 578977561 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 578982631 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 578985851 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 578989407 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 578997067 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579001617 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579009475 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579014125 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579018339 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579022525 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579025506 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579029869 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579034427 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579040305 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579047114 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579051504 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579055870 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579060815 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579066003 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579070462 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579074484 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579081155 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579085429 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579088852 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579098622 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579101026 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579104665 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579108130 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579110946 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579113007 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579115468 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579118775 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579122158 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579125407 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579128633 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579131029 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579135171 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579137928 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579140752 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579153660 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579155791 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579158811 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579161833 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579164182 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579167065 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 579169865 |
Process information queried | PID: 420 Info Class: Cookie | success or wait | 580081340 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 580083770 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 582417774 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 583829153 |
System info queried | Type: ProcessInformation | success or wait | 584019930 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 585035903 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 586635643 |
Thread created | PID: 420 TID: 1396 EIP: 7C8106F9 Imagepath: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE | success or wait | 586851413 |
Thread resumed | TID: 1396 PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE | success or wait | 586854399 |
Thread created | PID: 420 TID: 160 EIP: 7C8106F9 Imagepath: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE | success or wait | 586864452 |
Thread resumed | TID: 160 PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE | success or wait | 586868821 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 587745865 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 588864669 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 589983240 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 591101888 |
System info queried | Type: ProcessInformation | success or wait | 591108493 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 592220255 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 593338776 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 594646012 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 596040097 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 597143249 |
System info queried | Type: ProcessInformation | success or wait | 598273981 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 598274085 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 599577703 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 600671870 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 601793226 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 602913877 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 604210259 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 605417435 |
System info queried | Type: ProcessInformation | success or wait | 605420733 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 606485926 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 607604147 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 608742881 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 609841390 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 610957744 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 612076026 |
System info queried | Type: ProcessInformation | success or wait | 612586546 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 613194863 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 614316062 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 615431906 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 616550521 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 617672032 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 618787684 |
System info queried | Type: ProcessInformation | success or wait | 619738171 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 619913208 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 621024887 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 622143737 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 623262125 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 624383430 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 625499349 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 626619571 |
System info queried | Type: ProcessInformation | success or wait | 626900033 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 627736580 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 628859535 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 629974505 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 631092706 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 632210963 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 633329601 |
System info queried | Type: ProcessInformation | success or wait | 634056356 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 634455374 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 635566812 |
Thread delayed | Time: 0 TID: 4088 | success or wait | 636685421 |
System info queried | Type: ProcessInformation | success or wait | 641215114 |
Message posted | TID: 1B4 Message: 401 WParam: 2472 LParam: 0 | success | 641222882 |
System info queried | Type: ProcessInformation | success or wait | 648843731 |
System info queried | Type: ProcessInformation | info length mismatch | 655533370 |
Memory allocated | PID: 420 Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Base: 18F000 Length: B6FBDC Allocation Type: unknown Protection: page read and write | success or wait | 655539481 |
System info queried | Type: ProcessInformation | success or wait | 655539946 |
Message posted | TID: 1B4 Message: 401 WParam: 2948 LParam: 0 | success | 655546898 |
System info queried | Type: ProcessInformation | success or wait | 662692559 |
System info queried | Type: ProcessInformation | success or wait | 669851812 |
System info queried | Type: ProcessInformation | success or wait | 677010751 |
System info queried | Type: ProcessInformation | success or wait | 684394424 |
System info queried | Type: ProcessInformation | success or wait | 691328443 |
System info queried | Type: ProcessInformation | success or wait | 698720918 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 700911191 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 700933409 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 701097348 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 701547265 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 701877419 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 702087879 |
System info queried | Type: ProcessInformation | success or wait | 706196813 |
System info queried | Type: ProcessInformation | success or wait | 712808508 |
System info queried | Type: ProcessInformation | success or wait | 719965425 |
System info queried | Type: ProcessInformation | success or wait | 727127622 |
System info queried | Type: ProcessInformation | success or wait | 734425347 |
System info queried | Type: ProcessInformation | success or wait | 741554623 |
System info queried | Type: ProcessInformation | success or wait | 748769602 |
System info queried | Type: ProcessInformation | success or wait | 755930988 |
System info queried | Type: ProcessInformation | success or wait | 763087227 |
System info queried | Type: ProcessInformation | success or wait | 770246947 |
System info queried | Type: ProcessInformation | success or wait | 777461958 |
System info queried | Type: ProcessInformation | success or wait | 784621070 |
System info queried | Type: ProcessInformation | success or wait | 791780113 |
System info queried | Type: ProcessInformation | success or wait | 798998456 |
System info queried | Type: ProcessInformation | success or wait | 806210113 |
System info queried | Type: ProcessInformation | success or wait | 813369314 |
System info queried | Type: ProcessInformation | success or wait | 820635033 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 820690661 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 820694018 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 821152896 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 822139355 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823107079 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 823506764 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 823581452 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 824568870 |
Sections |
File Activities:
Section Activities:
Registry Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 555072929 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 555088748 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 555450843 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 555460332 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 556764358 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 990000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 556891546 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 558153554 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 559434155 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564209509 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564270696 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c4a0d | success or wait | 564285640 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564289166 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91a0c3 | success or wait | 564291872 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564294962 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564299270 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d16dc8 | success or wait | 564304232 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564308142 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17e7f88 | success or wait | 564323046 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564348541 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564584681 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564630850 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 564684252 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564721234 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c4a0d | success or wait | 564746792 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564761881 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91a0c3 | success or wait | 564769997 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564778929 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564789561 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d16dc8 | success or wait | 564798757 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564807486 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17e7f88 | success or wait | 564842781 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564871526 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565780066 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565788280 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565800098 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 565929701 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c4a0d | success or wait | 565963751 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 565976090 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91a0c3 | success or wait | 566006411 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 566014700 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 566024021 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d16dc8 | success or wait | 566052956 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 566061409 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17e7f88 | success or wait | 566209875 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566263462 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566755518 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566766124 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567673797 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 567785861 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c4a0d | success or wait | 567833946 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 567847648 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91a0c3 | success or wait | 567865375 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 567873487 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 567920026 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d16dc8 | success or wait | 567931926 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568049487 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17e7f88 | success or wait | 568061139 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568069440 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568179896 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568211411 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568221790 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568372721 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c4a0d | success or wait | 568618494 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 568627884 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91a0c3 | success or wait | 568636489 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568647068 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 568659350 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d16dc8 | success or wait | 568672712 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568687257 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17e7f88 | success or wait | 568702118 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568711619 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568854443 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568867179 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568882620 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e6e48b | success or wait | 569020025 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 569150553 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a66ce8 | success or wait | 569162479 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 569172992 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 569181252 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1382988 | success or wait | 569190806 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 569200355 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2eb6e9 | success or wait | 569208680 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 569215812 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569307899 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569318455 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 569329461 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 569409570 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 570245182 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 570275462 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 570287860 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 570306140 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 570315682 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 570329642 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 570341220 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 570402357 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 570415866 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 570424941 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570554825 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571037425 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571043346 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571050474 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571068920 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 571072517 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571087226 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 571091028 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571105906 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571109022 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 571113488 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571116843 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 571119408 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571122794 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571166736 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571173534 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571182221 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571207043 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 571213606 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571265299 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 571280701 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571291257 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571886321 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 571893670 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571898921 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 571904361 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571908623 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571983169 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571986002 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571989854 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571999010 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 572014586 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572017763 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 572058008 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572061746 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572077750 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 572082355 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572086062 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 572088628 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572092207 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572127978 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572129987 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 572132642 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 572148847 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572212378 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572219829 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 572224510 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572226916 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 572264635 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572267457 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572281738 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 572295104 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572297763 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 572613762 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572618961 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572687972 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572692019 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572699040 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572717714 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 572720128 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572722443 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 572727494 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573048464 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573053571 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 573057428 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573095867 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 573098457 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573100800 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573132691 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573135120 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573137791 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573158189 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 573161185 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573163778 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 573201640 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573204793 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573207003 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 573209436 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573212507 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 573215296 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573218381 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573279772 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573283851 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573301507 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573308455 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 573311191 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573366999 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 573374693 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573382757 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573388336 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 573397849 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573403662 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 573410396 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573419510 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573484830 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573490269 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573521707 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573581107 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 573590833 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573596701 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 573605217 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573611064 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573616635 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 573628678 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573635005 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 573684097 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573700304 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574521058 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574551742 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574565667 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574582931 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 574609660 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574615031 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 574622316 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574627364 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574632470 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 574639698 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574645228 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 574651498 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574657904 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574841480 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574846802 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574894254 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574943485 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ea9cf1 | success or wait | 574950329 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574955950 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e596c9 | success or wait | 574961859 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574968192 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574972929 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10e98d8 | success or wait | 574979280 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574983684 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@154b574 | success or wait | 574988643 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574995110 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575033590 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575039402 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575063525 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@54f742 | success or wait | 575089159 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575094680 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@35135a | success or wait | 575099071 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575102495 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 575109808 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@89a2d9 | success or wait | 575115519 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 575119173 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@227bd0 | success or wait | 575123122 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 575127515 |
Memory attributes changed | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575165411 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1eec5fe | success or wait | 575232127 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575238370 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@108e435 | success or wait | 575246416 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575257686 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 575261888 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@be834a | success or wait | 575269081 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 575273320 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19daa20 | success or wait | 575279077 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 575285364 |
File opened | Path: C:\WINDOWS\System32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575378185 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c386d | success or wait | 575382111 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575386337 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c8b84 | success or wait | 575390497 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575395556 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 575400525 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15ba1ef | success or wait | 575407553 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 575411496 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e458c2 | success or wait | 575416262 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: BD0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 575421558 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 576686656 |
Thread created | PID: 1840 TID: 4032 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\alg.exe | success or wait | 576742341 |
Thread resumed | TID: 4032 PID: 1840 Path: C:\WINDOWS\system32\alg.exe | success or wait | 576746549 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 576750972 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 576756864 |
Thread created | PID: 1840 TID: 4040 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\alg.exe | success or wait | 576771809 |
Thread resumed | TID: 4040 PID: 1840 Path: C:\WINDOWS\system32\alg.exe | success or wait | 576778029 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 576796267 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 576994429 |
Memory allocated | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 950000 Length: C0FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 577198944 |
Memory allocated | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 9C0000 Length: C0FE78 Allocation Type: unknown Protection: page read and write | success or wait | 577212054 |
Memory allocated | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 9C0000 Length: C0FE7C Allocation Type: unknown Protection: page read and write | success or wait | 577237872 |
Memory allocated | PID: 1840 Path: C:\WINDOWS\system32\alg.exe Base: 9C1000 Length: C0FB58 Allocation Type: unknown Protection: page read and write | success or wait | 577246488 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577249962 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577277007 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577284243 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577289086 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577296502 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577302637 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577307556 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577316480 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577320709 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577518827 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 577525786 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578408634 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 578412515 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578417154 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578431100 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578446974 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578455270 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578460721 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578475007 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578479294 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578484823 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578515687 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578720708 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578913770 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578926601 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578936319 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578942370 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578948544 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578954306 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578958764 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578963002 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578966937 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578971302 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578982428 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578985653 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578989203 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578993946 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 578998049 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579002639 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579009269 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579013945 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579018155 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579022349 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579028120 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579032416 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579036721 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579044147 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579049562 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579053783 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579059364 |
Process information queried | PID: 1840 Info Class: Cookie | success or wait | 579063057 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 580085919 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 582419848 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 583831480 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 585037960 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 586636417 |
Thread created | PID: 1840 TID: 188 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\alg.exe | success or wait | 586801276 |
Thread resumed | TID: 188 PID: 1840 Path: C:\WINDOWS\system32\alg.exe | success or wait | 586803783 |
Thread created | PID: 1840 TID: 1816 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\alg.exe | success or wait | 586815365 |
Thread resumed | TID: 1816 PID: 1840 Path: C:\WINDOWS\system32\alg.exe | success or wait | 586819759 |
Key created | Path: HKEY_USERS\Software\Microsoft\Internet Explorer\DBControl | success or wait | 586826936 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 587747395 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 588868420 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 589987066 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 591105841 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 592224278 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 593342775 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 594648072 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 596042163 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 597143996 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 598274806 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 599578449 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 600672825 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 601794229 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 602914875 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 604211008 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 605418157 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 606487995 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 607605997 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 608744794 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 609842754 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 610959066 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 612079473 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 613198857 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 614319805 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 615435806 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 616554253 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 617675865 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 618791523 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 619918119 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 621028632 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 622147865 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 623265871 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 624387172 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 625503134 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 626624726 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 627740469 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 628863274 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 629978307 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 631096588 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 632214703 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 633333398 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 634461434 |
Thread delayed | Time: 0 TID: 4040 | success or wait | 635570657 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 698769011 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 698770405 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 698867910 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 699076735 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 699654057 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 699869121 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 701404578 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 819557416 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 819561037 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 820564995 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 821147868 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 821148447 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 822323317 |
Sections |
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 555457145 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 555465276 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 556162483 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 556170437 |
Section loaded | Path: \KnownDlls\WS2_32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 556824237 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute Type: image Baseaddress: 71AB0000 Size: 94208 Protection: read write Mapped to pid: own pid | success or wait | 556877529 |
Section loaded | Path: \KnownDlls\WS2HELP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 558055726 |
Section loaded | Path: C:\WINDOWS\system32\ws2help.dll Access: query and write and read and execute Type: image Baseaddress: 71AA0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 558075373 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 558191696 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: B20000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 559428350 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 559778847 |
Section loaded | Path: \KnownDlls\OLEAUT32.dll Access: write and read and execute Type: unknown Baseaddress: 77120000 Size: 569344 Protection: read write Mapped to pid: own pid | success or wait | 559929463 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 564180644 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 566524741 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 566673735 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169bc15 | success or wait | 566714879 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 566743902 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bb2f6e | success or wait | 566753518 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 566762989 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 566771267 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@126f29f | success or wait | 567729962 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 567770894 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cb44 | success or wait | 567779983 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 567790458 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568050220 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568061297 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568070526 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568120340 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169bc15 | success or wait | 568141630 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 568155645 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bb2f6e | success or wait | 568172578 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568180962 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 568212363 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@126f29f | success or wait | 568222013 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568352713 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cb44 | success or wait | 568364460 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568375215 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568687811 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568700108 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568712002 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568776530 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169bc15 | success or wait | 568786310 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 568796402 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bb2f6e | success or wait | 568838218 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568857527 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 568868133 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@126f29f | success or wait | 568886028 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568941378 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cb44 | success or wait | 568949262 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568994801 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569205892 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569212480 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569221733 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 569275761 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169bc15 | success or wait | 569284168 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 569294126 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bb2f6e | success or wait | 569305681 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 569316166 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 569326083 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@126f29f | success or wait | 569339813 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 569407040 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cb44 | success or wait | 569554268 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569614906 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570271974 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570285297 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 570305006 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 570338591 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@169bc15 | success or wait | 570372592 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 570411857 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bb2f6e | success or wait | 570421941 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 570527235 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 570662271 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@126f29f | success or wait | 570676201 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 570887312 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2cb44 | success or wait | 570898112 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570911007 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571067140 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571070626 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571086606 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571108705 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16f13bb | success or wait | 571112305 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 571115903 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17889e9 | success or wait | 571119619 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571122543 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 571125686 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a6343d | success or wait | 571129238 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 571132614 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1afbf49 | success or wait | 571138118 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: C90000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 571146838 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571205068 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571212034 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 571241274 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 571289607 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571917674 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 571980119 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571983246 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 571986203 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571990765 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571994208 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 571996655 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571999876 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 572015127 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572018417 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572092114 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572096205 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572102323 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 572125285 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572128239 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 572130420 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572132964 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572145959 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 572148911 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572187840 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 572190237 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572192590 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572215866 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572217967 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572220562 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 572268674 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572293182 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 572295868 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572333089 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572616312 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 572619114 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572621840 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 572624268 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572636474 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572702233 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572715085 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572718143 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 573047399 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573053156 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 573055985 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573094835 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573097159 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 573099714 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573102205 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 573105035 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573107868 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573139464 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573154888 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 573157131 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 573163574 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573275725 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 573302490 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573304401 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 573308201 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573310950 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573365905 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 573374029 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573381231 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 573387473 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573397320 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573465147 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573472640 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573478428 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 573546201 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573551608 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 573560365 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573587329 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573593898 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 573603790 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573609837 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 573615713 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573622054 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574492647 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574498620 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574512219 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 574568952 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574574096 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 574579689 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574606974 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574612841 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 574619810 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574625333 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 574630942 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574637615 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574807290 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574826589 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574832867 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 574901448 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574909562 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 574915088 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574943191 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574950835 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 574956581 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574962068 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 574970284 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574974942 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575010709 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575019389 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575024909 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 575068375 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575073097 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 575078297 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575086405 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575091801 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 575097016 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575100569 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 575103857 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575112201 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575151101 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575156013 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575160464 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 575184505 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575189656 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 575195096 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575232577 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575238783 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 575246609 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575258718 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 575262618 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575267512 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575314053 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575317644 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575321453 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1377d92 | success or wait | 575344441 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575348264 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14feea | success or wait | 575352508 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575379603 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575383230 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@6bf551 | success or wait | 575387497 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575391435 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b6a350 | success or wait | 575396175 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: C90000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575401301 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575444135 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575454443 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575656676 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 576715882 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19bf7d0 | success or wait | 576728098 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 576734348 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@aaa392 | success or wait | 576740785 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 576745689 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 576750585 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d8d90c | success or wait | 576756338 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 576761615 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@91c310 | success or wait | 576765845 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: C90000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 576769972 |
Memory attributes changed | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 577175869 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19d56e9 | success or wait | 577239351 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 577245781 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b4dcd9 | success or wait | 577249081 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 577276807 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 577283365 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f52ed | success or wait | 577287568 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 577294128 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d6883 | success or wait | 577302459 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: C90000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 577306926 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 578466284 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@489670 | success or wait | 578480178 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 578486373 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@18caee7 | success or wait | 578516140 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 578728266 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 578919863 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@12eec98 | success or wait | 578926952 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 578937665 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1af1ad8 | success or wait | 578944951 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: C90000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 578948987 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 578991651 |
Thread created | PID: 1924 TID: 2040 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\wscntfy.exe | success or wait | 579011902 |
Thread resumed | TID: 2040 PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe | success or wait | 579015892 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 579019963 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 579023914 |
Thread created | PID: 1924 TID: 432 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\wscntfy.exe | success or wait | 579045281 |
Thread resumed | TID: 432 PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe | success or wait | 579051033 |
Thread delayed | Time: 0 TID: 432 | success or wait | 579055420 |
Thread delayed | Time: 0 TID: 432 | success or wait | 580293059 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 580499957 |
Thread delayed | Time: 0 TID: 432 | success or wait | 582420442 |
Memory allocated | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: AE0000 Length: CCFF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 582609014 |
Memory allocated | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: D10000 Length: CCFE78 Allocation Type: unknown Protection: page read and write | success or wait | 582819397 |
Memory allocated | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: D10000 Length: CCFE7C Allocation Type: unknown Protection: page read and write | success or wait | 582826030 |
Memory allocated | PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe Base: D11000 Length: CCFB58 Allocation Type: unknown Protection: page read and write | success or wait | 582833975 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 582848988 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 582854341 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 582860027 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 582868765 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 582872851 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 582877146 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 583826232 |
Thread delayed | Time: 0 TID: 432 | success or wait | 583832072 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 583835871 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584022817 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584043498 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584051840 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584058524 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584062830 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584070118 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584075916 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584079369 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584084567 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584090974 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584094896 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584098042 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584285867 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 584293692 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585019897 |
Thread delayed | Time: 0 TID: 432 | success or wait | 585038548 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585043060 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585055573 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585062784 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585073281 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585075726 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585081398 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585084198 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585086671 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585089306 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585092764 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585095576 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585098328 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585102351 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585104923 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585107762 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585113885 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585116437 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585122307 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585124917 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585127532 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585130564 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585133532 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585136035 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585140134 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585142741 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585145374 |
Process information queried | PID: 1924 Info Class: Cookie | success or wait | 585148163 |
Thread delayed | Time: 0 TID: 432 | success or wait | 586636633 |
Thread created | PID: 1924 TID: 1716 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\wscntfy.exe | success or wait | 586908190 |
Thread resumed | TID: 1716 PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe | success or wait | 586909767 |
Thread created | PID: 1924 TID: 492 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\wscntfy.exe | success or wait | 586918386 |
Thread resumed | TID: 492 PID: 1924 Path: C:\WINDOWS\system32\wscntfy.exe | success or wait | 586922474 |
Thread delayed | Time: 0 TID: 432 | success or wait | 587747828 |
Thread delayed | Time: 0 TID: 432 | success or wait | 588869505 |
Thread delayed | Time: 0 TID: 432 | success or wait | 589988166 |
Thread delayed | Time: 0 TID: 432 | success or wait | 591107061 |
Thread delayed | Time: 0 TID: 432 | success or wait | 592225419 |
Thread delayed | Time: 0 TID: 432 | success or wait | 593343947 |
Thread delayed | Time: 0 TID: 432 | success or wait | 594648662 |
Thread delayed | Time: 0 TID: 432 | success or wait | 596042754 |
Thread delayed | Time: 0 TID: 432 | success or wait | 597144210 |
Thread delayed | Time: 0 TID: 432 | success or wait | 598275014 |
Thread delayed | Time: 0 TID: 432 | success or wait | 599578663 |
Thread delayed | Time: 0 TID: 432 | success or wait | 600673076 |
Thread delayed | Time: 0 TID: 432 | success or wait | 601794464 |
Thread delayed | Time: 0 TID: 432 | success or wait | 602915110 |
Thread delayed | Time: 0 TID: 432 | success or wait | 604211222 |
Thread delayed | Time: 0 TID: 432 | success or wait | 605418364 |
Thread delayed | Time: 0 TID: 432 | success or wait | 606488587 |
Thread delayed | Time: 0 TID: 432 | success or wait | 607606527 |
Thread delayed | Time: 0 TID: 432 | success or wait | 608745327 |
Thread delayed | Time: 0 TID: 432 | success or wait | 609843153 |
Thread delayed | Time: 0 TID: 432 | success or wait | 610959449 |
Thread delayed | Time: 0 TID: 432 | success or wait | 612080465 |
Thread delayed | Time: 0 TID: 432 | success or wait | 613199985 |
Thread delayed | Time: 0 TID: 432 | success or wait | 614320889 |
Thread delayed | Time: 0 TID: 432 | success or wait | 615436942 |
Thread delayed | Time: 0 TID: 432 | success or wait | 616555333 |
Thread delayed | Time: 0 TID: 432 | success or wait | 617676946 |
Thread delayed | Time: 0 TID: 432 | success or wait | 618792697 |
Thread delayed | Time: 0 TID: 432 | success or wait | 619919252 |
Thread delayed | Time: 0 TID: 432 | success or wait | 621029716 |
Thread delayed | Time: 0 TID: 432 | success or wait | 622148978 |
Thread delayed | Time: 0 TID: 432 | success or wait | 623266954 |
Thread delayed | Time: 0 TID: 432 | success or wait | 624388251 |
Thread delayed | Time: 0 TID: 432 | success or wait | 625504235 |
Thread delayed | Time: 0 TID: 432 | success or wait | 626625940 |
Thread delayed | Time: 0 TID: 432 | success or wait | 627741597 |
Thread delayed | Time: 0 TID: 432 | success or wait | 628864354 |
Thread delayed | Time: 0 TID: 432 | success or wait | 629979407 |
Thread delayed | Time: 0 TID: 432 | success or wait | 631097672 |
Thread delayed | Time: 0 TID: 432 | success or wait | 632215785 |
Thread delayed | Time: 0 TID: 432 | success or wait | 633334503 |
Thread delayed | Time: 0 TID: 432 | success or wait | 634462574 |
Thread delayed | Time: 0 TID: 432 | success or wait | 635571743 |
Thread delayed | Time: 0 TID: 432 | success or wait | 636690358 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 700912344 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 700934209 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 701098103 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 701547555 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 702016701 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 702528177 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 702528351 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 702834548 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 820951497 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 821136904 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 821156333 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 822140100 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823110692 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823507538 |
Sections |
File Activities:
Section Activities:
Registry Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\WS2_32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 556163094 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute Type: image Baseaddress: 71AB0000 Size: 94208 Protection: read write Mapped to pid: own pid | success or wait | 556172616 |
Section loaded | Path: \KnownDlls\WS2HELP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 556798844 |
Section loaded | Path: C:\WINDOWS\system32\ws2help.dll Access: query and write and read and execute Type: image Baseaddress: 71AA0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 556806897 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 556917127 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 9A0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 558152604 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 558255303 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 559764533 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564582317 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564694160 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@153b098 | success or wait | 564704748 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564720416 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16ed0f7 | success or wait | 564746215 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564756991 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564766349 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@591a4d | success or wait | 564774492 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564785772 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cdd63c | success or wait | 564795201 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564803289 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565754427 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565765687 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565773095 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 565801587 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@153b098 | success or wait | 565810440 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 565925350 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16ed0f7 | success or wait | 565934356 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 565963919 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 565977009 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@591a4d | success or wait | 566007780 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 566015427 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cdd63c | success or wait | 566024921 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566053967 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566712064 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566742581 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566751324 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 567684508 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@153b098 | success or wait | 567739787 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 567778521 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16ed0f7 | success or wait | 567788314 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 567834496 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 567851492 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@591a4d | success or wait | 567864814 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 567872318 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cdd63c | success or wait | 567919405 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 567930172 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568142129 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568157390 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568173781 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568224968 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@153b098 | success or wait | 568358617 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 568369428 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16ed0f7 | success or wait | 568395953 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568623031 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 568633474 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@591a4d | success or wait | 568641646 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568652029 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cdd63c | success or wait | 568660983 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568673975 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568784695 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568799791 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568841563 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568887622 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@153b098 | success or wait | 568943747 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 568972156 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16ed0f7 | success or wait | 569016491 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 569045358 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 569160056 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@591a4d | success or wait | 569170482 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 569178529 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cdd63c | success or wait | 569188946 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569196964 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569283952 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569294852 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569305029 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ac0a60 | success or wait | 569411798 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 569563141 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd3147 | success or wait | 569729144 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 569780982 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 569796786 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ce50a9 | success or wait | 570231447 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 570247361 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11ba6f | success or wait | 570258839 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 570266642 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570403936 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570416232 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 570671327 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571038221 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571060664 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 571065120 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571068447 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 571072654 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571087355 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571090811 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 571105688 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571108868 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 571112409 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571116108 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571145090 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571154375 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571164672 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571195003 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 571203009 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571210011 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 571217365 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571274003 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571285273 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 571881269 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571890303 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 571895572 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571901882 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571977067 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571981089 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571984578 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571994005 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 571996553 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571999616 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 572015026 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572018283 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572058561 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 572076137 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572078947 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 572081686 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572085608 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572110958 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572125012 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572128713 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572147156 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 572149630 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572188133 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 572190708 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572193229 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572195423 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 572198906 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572201643 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 572203936 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572211469 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572264111 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572267220 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 572297441 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572688600 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572701129 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 572714396 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572717239 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 572719876 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572723039 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572726806 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 573047104 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573053497 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 573056240 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573095028 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573127744 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573129937 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573132600 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573140316 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 573155550 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573157903 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 573160991 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573164799 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573202137 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 573205383 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573207870 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 573210498 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573213050 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573274019 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573276599 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573278774 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573301816 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 573304114 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573306078 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 573308713 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573311456 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573368168 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 573374884 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573383424 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 573390864 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573398077 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573467098 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573473884 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573479977 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573498461 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 573546956 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573552462 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 573559346 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573585889 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573592938 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 573599994 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573607232 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 573612748 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573619258 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574490499 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574495851 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574504958 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574527216 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 574554433 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574567954 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 574573211 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574579268 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574606640 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 574612657 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574618541 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 574623919 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574629142 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574799574 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574806755 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574813394 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574843931 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 574850539 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574896677 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 574905940 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574913991 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574941990 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 574948941 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574956766 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 574962248 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574968868 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575007823 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575012674 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575019196 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575038753 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e70e12 | success or wait | 575062605 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575071075 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4cdf7e | success or wait | 575076773 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575081516 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575088031 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e4cf81 | success or wait | 575093535 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575098674 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f323bd | success or wait | 575101953 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575109205 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575142160 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575146037 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575152426 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575169119 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1af67f0 | success or wait | 575174858 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575178622 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d0cdd0 | success or wait | 575183597 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575192241 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 575226237 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@782dc6 | success or wait | 575233392 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 575245988 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@55ff4 | success or wait | 575250966 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 575261218 |
Memory attributes changed | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575300600 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575326323 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@de9984 | success or wait | 575331319 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575335780 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@30d5aa | success or wait | 575344792 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575349502 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 575354222 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ba49d | success or wait | 575380059 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 575386855 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d46b95 | success or wait | 575390305 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: 9D0000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 575395274 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 576040424 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e31c3e | success or wait | 576681913 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 576720232 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1535057 | success or wait | 576727839 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 576735070 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 576741182 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bfaf9f | success or wait | 576746016 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 576760041 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a2f435 | success or wait | 576764260 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: CE0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 576768366 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 577185360 |
Thread created | PID: 288 TID: 4060 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 577240698 |
Thread resumed | TID: 4060 PID: 288 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 577247038 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 577283019 |
Thread created | PID: 288 TID: 4084 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 577298441 |
Thread resumed | TID: 4084 PID: 288 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 577304940 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 577309781 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 577523102 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 578415373 |
Memory allocated | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 960000 Length: D1FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 578432345 |
Memory allocated | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 9D0000 Length: D1FE78 Allocation Type: unknown Protection: page read and write | success or wait | 578454539 |
Memory allocated | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 9D0000 Length: D1FE7C Allocation Type: unknown Protection: page read and write | success or wait | 578460694 |
Memory allocated | PID: 288 Path: C:\WINDOWS\system32\svchost.exe Base: 9D1000 Length: D1FB58 Allocation Type: unknown Protection: page read and write | success or wait | 578469503 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578476532 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578482413 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578514955 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578718436 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578920251 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578927125 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578936713 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578943738 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578947784 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578958932 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578962256 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578965940 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578970533 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578976573 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578981091 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578986252 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578990523 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 578994297 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579004467 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579008345 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579012976 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579016805 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579021608 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579024835 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579029210 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579033707 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579038298 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579047964 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579052561 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579056942 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579062373 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579066429 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579071047 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579075387 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579079570 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579084193 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579088574 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579091826 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579094638 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579099883 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579102484 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579105932 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579111485 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579113474 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579116458 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579123379 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579126245 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579128862 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579131579 |
Process information queried | PID: 288 Info Class: Cookie | success or wait | 579134936 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 580086212 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 582420145 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 583831773 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 585038253 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 586636524 |
Thread created | PID: 288 TID: 668 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 586840443 |
Thread resumed | TID: 668 PID: 288 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 586841496 |
Thread created | PID: 288 TID: 1780 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\svchost.exe | success or wait | 586846503 |
Thread resumed | TID: 1780 PID: 288 Path: C:\WINDOWS\system32\svchost.exe | success or wait | 586849783 |
Key created | Path: HKEY_USERS\Software\Microsoft\Internet Explorer\DBControl | success or wait | 586856840 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 587747613 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 588868961 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 589987612 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 591106491 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 592224847 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 593343362 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 594648365 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 596042457 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 597144102 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 598274910 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 599578555 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 600672951 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 601794347 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 602914993 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 604211114 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 605418260 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 606488290 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 607606260 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 608745061 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 609842955 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 610959257 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 612079970 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 613199421 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 614320344 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 615436378 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 616554791 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 617676405 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 618792138 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 619918683 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 621029173 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 622148418 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 623266410 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 624387710 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 625503687 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 626625339 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 627741033 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 628863814 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 629978858 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 631097128 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 632215243 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 633333945 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 634462001 |
Thread delayed | Time: 0 TID: 4084 | success or wait | 635571201 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 698769107 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 698771362 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 698868051 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 699076875 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 699654483 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 701176138 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 701910324 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 819805866 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 819808258 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 820565764 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 821151169 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 822138975 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 823106174 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 823659553 |
Sections |
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 556923582 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 556932809 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 558077803 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 558132233 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 558239830 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: DC0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 559648238 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 559913022 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 564057923 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 566774210 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 567787945 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c0035b | success or wait | 567834318 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 567845601 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c7f8d | success or wait | 567864168 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 567871863 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 567882817 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1fa12f6 | success or wait | 567927699 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568046473 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f30093 | success or wait | 568059018 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568068002 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568180754 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568212203 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568222176 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568373315 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c0035b | success or wait | 568620109 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 568629599 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c7f8d | success or wait | 568638140 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568648439 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 568657373 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1fa12f6 | success or wait | 568671169 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568685671 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f30093 | success or wait | 568697789 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568711304 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568856824 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568867691 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568883232 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568973886 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c0035b | success or wait | 569017841 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 569149969 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c7f8d | success or wait | 569162278 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 569171180 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 569180623 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1fa12f6 | success or wait | 569190276 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 569197975 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f30093 | success or wait | 569208015 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569215269 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569312866 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569319898 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569333641 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 569609844 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c0035b | success or wait | 569733907 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 569786848 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c7f8d | success or wait | 569797794 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 570233642 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 570247600 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1fa12f6 | success or wait | 570259024 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 570266806 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f30093 | success or wait | 570285523 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570295670 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570526205 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570664017 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 570675159 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 570909166 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c0035b | success or wait | 571020569 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 571032609 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11c7f8d | success or wait | 571039358 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571044661 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 571051778 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1fa12f6 | success or wait | 571062765 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 571066618 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f30093 | success or wait | 571070292 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571073547 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571119997 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571123031 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571126263 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1aabda3 | success or wait | 571148988 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 571157852 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@88485f | success or wait | 571165101 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571172807 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 571181064 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14790be | success or wait | 571188946 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 571196997 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16fb9fd | success or wait | 571207650 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 571214288 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571907763 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571912917 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 571916832 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 571935608 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571988462 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 572013549 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572016139 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 572057933 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572061674 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572077679 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 572080522 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572083334 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 572086908 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572091449 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572127838 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572129849 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572132474 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 572189604 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572191862 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 572194426 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572197180 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572199810 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 572202642 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572206525 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 572212149 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572214565 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572292649 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572295205 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572332352 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 572623834 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572635918 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 572675089 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572678861 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572683207 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 572688527 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572693005 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 572698096 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572700999 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573053290 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573056126 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573095242 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 573105678 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573108355 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 573111230 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573127058 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573129555 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 573131792 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573134898 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 573137131 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573139359 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573206734 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573208842 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 573213453 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 573219027 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573289535 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 573311259 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573367273 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 573374247 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573382360 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573387744 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 573396908 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573403464 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 573410203 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573417533 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573488634 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573493990 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573522739 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 573589677 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573595566 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 573604376 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573610367 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573616102 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 573625217 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573630374 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 573636080 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573685894 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574515283 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574520411 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574564277 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 574608593 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574614088 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 574621388 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574626614 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574631681 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 574638308 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574643605 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 574650105 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574656682 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574841144 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574846527 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574874153 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 574942451 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574949858 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 574957330 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574962974 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574969508 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 574976547 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574980965 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 574986048 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574992490 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575032364 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575037811 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575043816 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 575087707 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575093130 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 575097875 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575101285 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575104620 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 575116061 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575119514 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 575123747 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575128304 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575166452 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575171115 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575175390 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 575201126 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575232313 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 575245803 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575250752 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575260728 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 575268416 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575272046 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 575277794 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575284048 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575320363 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575326029 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575331699 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b9b03 | success or wait | 575376865 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575381516 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5de82a | success or wait | 575385813 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575389751 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575394536 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13552ed | success or wait | 575402479 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575408965 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d77d9e | success or wait | 575413711 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575420122 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575666761 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 576041477 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 576708769 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 576737242 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@7834eb | success or wait | 576743071 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 576747194 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1da3acc | success or wait | 576754425 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 576758814 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 576763151 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4a583d | success or wait | 576776821 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 576781742 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e74663 | success or wait | 576787554 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 576799100 |
Memory attributes changed | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 577202542 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1be1e75 | success or wait | 577282631 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 577286976 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c1abcf | success or wait | 577292189 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 577298855 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 577303931 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f6d9ca | success or wait | 577314423 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 577319103 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@54864c | success or wait | 577323651 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 577517671 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13d285f | success or wait | 578730324 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 578924119 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@25a5d2 | success or wait | 578938183 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 578945751 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 578950898 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a99295 | success or wait | 578957234 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 578961043 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d694da | success or wait | 578964931 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: DE0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 578971522 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 579011158 |
Thread created | PID: 172 TID: 260 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 579031906 |
Thread resumed | TID: 260 PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 579037183 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 579041924 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 579065182 |
Thread created | PID: 172 TID: 208 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 579068657 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 579069863 |
Thread resumed | TID: 208 PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 579072850 |
Thread delayed | Time: 0 TID: 208 | success or wait | 579074936 |
Thread delayed | Time: 0 TID: 208 | success or wait | 580293209 |
Thread delayed | Time: 0 TID: 208 | success or wait | 582420591 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 582630920 |
Memory allocated | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: C00000 Length: E1FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 582843212 |
Memory allocated | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: EB0000 Length: E1FE78 Allocation Type: unknown Protection: page read and write | success or wait | 582856348 |
Memory allocated | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: EB0000 Length: E1FE7C Allocation Type: unknown Protection: page read and write | success or wait | 582864132 |
Memory allocated | PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe Base: EB1000 Length: E1FB58 Allocation Type: unknown Protection: page read and write | success or wait | 582868564 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 582872693 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 582877688 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 583808044 |
Thread delayed | Time: 0 TID: 208 | success or wait | 583832219 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 583835509 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584028951 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584032848 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584043335 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584053760 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584060851 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584073982 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584078707 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584084054 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584087109 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584091894 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584095932 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584098539 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584285358 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 584293502 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585015595 |
Thread delayed | Time: 0 TID: 208 | success or wait | 585038695 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585042282 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585048463 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585058956 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585073079 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585075526 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585081182 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585084961 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585087439 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585090183 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585096203 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585098867 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585101771 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585104508 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585107235 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585110029 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585114288 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585117059 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585120130 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585122820 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585125430 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585128033 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585131645 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585134158 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585136764 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585139455 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585142107 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585144686 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585148470 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585150945 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585153470 |
Process information queried | PID: 172 Info Class: Cookie | success or wait | 585157076 |
Thread delayed | Time: 0 TID: 208 | success or wait | 586636687 |
Thread created | PID: 172 TID: 176 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 586914279 |
Thread resumed | TID: 176 PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 586916334 |
Thread created | PID: 172 TID: 752 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 586928656 |
Thread resumed | TID: 752 PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 586930594 |
Thread delayed | Time: 0 TID: 208 | success or wait | 587747938 |
Thread delayed | Time: 0 TID: 208 | success or wait | 588869652 |
Thread delayed | Time: 0 TID: 208 | success or wait | 589988441 |
Thread delayed | Time: 0 TID: 208 | success or wait | 591107351 |
Thread delayed | Time: 0 TID: 208 | success or wait | 592225705 |
Thread delayed | Time: 0 TID: 208 | success or wait | 593344239 |
Thread delayed | Time: 0 TID: 208 | success or wait | 594648810 |
Thread delayed | Time: 0 TID: 208 | success or wait | 596042902 |
Thread delayed | Time: 0 TID: 208 | success or wait | 597144264 |
Thread delayed | Time: 0 TID: 208 | success or wait | 598275066 |
Thread delayed | Time: 0 TID: 208 | success or wait | 599578717 |
Thread delayed | Time: 0 TID: 208 | success or wait | 600673138 |
Thread delayed | Time: 0 TID: 208 | success or wait | 601794519 |
Thread delayed | Time: 0 TID: 208 | success or wait | 602915164 |
Thread delayed | Time: 0 TID: 208 | success or wait | 604211277 |
Thread delayed | Time: 0 TID: 208 | success or wait | 605418415 |
Thread delayed | Time: 0 TID: 208 | success or wait | 606488736 |
Thread delayed | Time: 0 TID: 208 | success or wait | 607606659 |
Thread delayed | Time: 0 TID: 208 | success or wait | 608745460 |
Thread delayed | Time: 0 TID: 208 | success or wait | 609843252 |
Thread delayed | Time: 0 TID: 208 | success or wait | 610959545 |
Thread delayed | Time: 0 TID: 208 | success or wait | 612080714 |
Thread delayed | Time: 0 TID: 208 | success or wait | 613200272 |
Thread delayed | Time: 0 TID: 208 | success or wait | 614321160 |
Thread delayed | Time: 0 TID: 208 | success or wait | 615437226 |
Thread delayed | Time: 0 TID: 208 | success or wait | 616555602 |
Thread delayed | Time: 0 TID: 208 | success or wait | 617677217 |
Thread delayed | Time: 0 TID: 208 | success or wait | 618792972 |
Thread delayed | Time: 0 TID: 208 | success or wait | 619919538 |
Thread delayed | Time: 0 TID: 208 | success or wait | 621029989 |
Thread delayed | Time: 0 TID: 208 | success or wait | 622149256 |
Thread delayed | Time: 0 TID: 208 | success or wait | 623267227 |
Thread delayed | Time: 0 TID: 208 | success or wait | 624388522 |
Thread delayed | Time: 0 TID: 208 | success or wait | 625504512 |
Thread delayed | Time: 0 TID: 208 | success or wait | 626626237 |
Thread delayed | Time: 0 TID: 208 | success or wait | 627741883 |
Thread delayed | Time: 0 TID: 208 | success or wait | 628864625 |
Thread delayed | Time: 0 TID: 208 | success or wait | 629979682 |
Thread delayed | Time: 0 TID: 208 | success or wait | 631097945 |
Thread delayed | Time: 0 TID: 208 | success or wait | 632216056 |
Thread delayed | Time: 0 TID: 208 | success or wait | 633334792 |
Thread delayed | Time: 0 TID: 208 | success or wait | 634462857 |
Thread delayed | Time: 0 TID: 208 | success or wait | 635572018 |
Thread delayed | Time: 0 TID: 208 | success or wait | 636690630 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 700912635 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 700934470 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 701098483 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 701547690 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 702016838 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 702528623 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 702823470 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 702823637 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 703590142 |
Thread resumed | TID: 2976 PID: 172 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe | success or wait | 790852546 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 822119922 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 822128560 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 822140483 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823112456 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823507921 |
Sections
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 558243642 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 558248922 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 559566163 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 559603485 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 559849186 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: A40000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 563856195 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 564704526 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 564757282 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d6e4a4 | success or wait | 564765911 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 564774763 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13ceab3 | success or wait | 564786117 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 564794717 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 564804250 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@54c2b8 | success or wait | 564813101 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 564842367 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bbe73b | success or wait | 564874373 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 564883601 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565789876 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565802676 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 565811518 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 565967305 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d6e4a4 | success or wait | 565978363 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 566009372 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13ceab3 | success or wait | 566017045 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 566045537 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 566055986 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@54c2b8 | success or wait | 566098689 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 566212875 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bbe73b | success or wait | 566271186 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 566527831 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 566765514 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567685486 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 567739951 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 567836199 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d6e4a4 | success or wait | 567851328 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 567865726 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13ceab3 | success or wait | 567873691 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 567920245 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 567934772 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@54c2b8 | success or wait | 568053266 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568064480 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bbe73b | success or wait | 568073374 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568092011 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568214501 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568225421 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568358787 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 568622446 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d6e4a4 | success or wait | 568631296 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 568642071 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13ceab3 | success or wait | 568652530 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 568661199 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 568683963 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@54c2b8 | success or wait | 568691549 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 568705230 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bbe73b | success or wait | 568714507 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 568757189 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568873321 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 568888839 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568943375 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 569044227 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d6e4a4 | success or wait | 569157683 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 569168854 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13ceab3 | success or wait | 569176648 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 569186249 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 569200150 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@54c2b8 | success or wait | 569208199 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 569215546 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bbe73b | success or wait | 569225690 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569254307 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569329192 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569343219 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569411266 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 569779786 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4a0a42 | success or wait | 569795003 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 570230983 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e785aa | success or wait | 570244329 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 570256692 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 570264987 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f899e9 | success or wait | 570272846 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 570286062 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@40a47f | success or wait | 570307429 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: A60000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 570315923 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570668078 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570781472 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 570892154 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 570911811 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571071477 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571104664 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 571107845 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571111922 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 571115787 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571118694 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571122295 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 571125458 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571128696 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 571132344 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571137536 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571195472 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571203560 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571210871 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571287288 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 571881470 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 571890757 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 571895992 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 571901790 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 571907013 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 571910993 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 571915836 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 571931836 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571934669 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571995188 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571997817 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572013468 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572060062 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 572077076 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572079929 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 572082693 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572086567 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572089710 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 572093107 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572097188 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 572103812 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572106897 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572147498 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572149802 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572188494 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572195990 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 572198566 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572201280 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 572206187 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572211762 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572214062 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 572216699 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572218801 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 572221707 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572225258 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572617641 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572620384 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 572622919 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 572637753 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573056976 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573100604 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 573103075 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573106875 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 573109400 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573111778 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573128038 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 573130249 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573133183 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 573136823 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573138662 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573205859 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573208233 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573210986 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573219538 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 573257307 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573260490 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 573265701 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573270575 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573274376 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 573277028 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573278993 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 573283538 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573288458 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573375695 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573384007 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573391618 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573412545 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 573418961 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573427502 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 573434329 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573440821 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573467665 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 573474377 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573480464 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 573489570 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573494930 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573605384 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573613236 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573618198 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573637085 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 573686190 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574474164 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 574484748 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574490711 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574496181 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 574503992 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574510217 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 574516366 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574521420 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574617307 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574623333 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574628541 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574648788 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 574654813 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574662986 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 574669448 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574800874 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574807511 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 574827782 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574833164 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 574838908 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574845045 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574954794 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574960646 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574966683 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574984028 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 574990372 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574995372 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 575001114 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575005403 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575009953 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 575015100 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575026677 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 575031808 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575036998 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575097655 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575100847 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575104410 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575120476 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1efa79f | success or wait | 575127803 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575132106 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5d155 | success or wait | 575136976 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575142716 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575147108 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@125b4d | success or wait | 575153587 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575159052 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1284f8e | success or wait | 575167538 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: A60000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575172709 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575241541 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575250102 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575260145 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575275376 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17f2dac | success or wait | 575283814 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575288268 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8f7e20 | success or wait | 575293459 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575303690 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 575306467 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a17378 | success or wait | 575312024 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 575316497 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a4071a | success or wait | 575319791 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: A60000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 575324769 |
Memory attributes changed | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575382278 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575407877 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ce4608 | success or wait | 575415086 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 575418917 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@157f3a4 | success or wait | 575424649 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 575433975 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 575439205 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13cb165 | success or wait | 575446123 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 575650592 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a27d4b | success or wait | 575664042 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: A60000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 576037991 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 576775719 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@cff5ed | success or wait | 576781956 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 576787733 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11a9f20 | success or wait | 576798111 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 576990778 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 576995815 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c4f498 | success or wait | 577181310 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 577197503 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@964f8e | success or wait | 577200914 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: A60000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 577207491 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 577297930 |
Thread created | PID: 1164 TID: 4092 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\dllhost.exe | success or wait | 577331055 |
Thread resumed | TID: 4092 PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe | success or wait | 577518980 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 578395437 |
Thread created | PID: 1164 TID: 1808 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\dllhost.exe | success or wait | 578446544 |
Thread resumed | TID: 1808 PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe | success or wait | 578453945 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 578460092 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 578490642 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 578718161 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 580086361 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 580087525 |
Memory allocated | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: 980000 Length: B4FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 580305670 |
Memory allocated | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: A60000 Length: B4FE78 Allocation Type: unknown Protection: page read and write | success or wait | 580503807 |
Memory allocated | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: A60000 Length: B4FE7C Allocation Type: unknown Protection: page read and write | success or wait | 582416293 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 582420293 |
Memory allocated | PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe Base: A61000 Length: B4FB58 Allocation Type: unknown Protection: page read and write | success or wait | 582424326 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 582605547 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 582818593 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 582824286 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 582832379 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 582844892 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 582851245 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 582857461 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 582865368 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 582869802 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 583801283 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 583831923 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 583833196 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584019647 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584032165 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584042974 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584051277 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584057636 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584062656 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584069940 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584075355 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584078531 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584083559 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584087962 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584091286 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584095565 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584100841 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584290102 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 584296537 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585035221 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 585038402 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585047214 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585057642 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585071941 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585075133 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585080782 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585083995 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585086469 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585089102 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585091751 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585094523 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585097293 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585101154 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585103836 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585106280 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585110550 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585113225 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585115836 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585122510 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585125119 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585127734 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585132248 |
Process information queried | PID: 1164 Info Class: Cookie | success or wait | 585134812 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 586636578 |
Thread created | PID: 1164 TID: 2028 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\dllhost.exe | success or wait | 586904135 |
Thread resumed | TID: 2028 PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe | success or wait | 586905114 |
Thread created | PID: 1164 TID: 1976 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\dllhost.exe | success or wait | 586908711 |
Thread resumed | TID: 1976 PID: 1164 Path: C:\WINDOWS\system32\dllhost.exe | success or wait | 586909576 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 587747719 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 588869233 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 589987888 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 591106774 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 592225131 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 593343653 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 594648512 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 596042607 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 597144156 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 598274962 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 599578610 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 600673014 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 601794406 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 602915052 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 604211168 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 605418312 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 606488439 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 607606394 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 608745195 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 609843053 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 610959353 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 612080217 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 613199700 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 614320615 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 615436656 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 616555061 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 617676676 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 618792419 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 619918968 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 621029444 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 622148698 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 623266683 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 624387981 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 625503962 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 626625641 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 627741312 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 628864084 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 629979135 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 631097400 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 632215513 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 633334219 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 634462288 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 635571472 |
Thread delayed | Time: 0 TID: 1808 | success or wait | 636690082 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 700912099 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 700933827 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 701097730 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 701547419 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 702016554 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 702067169 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 702529820 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 820691327 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 820694422 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 821154619 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 822139730 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823108935 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823507160 |
Sections |
File Activities:
Section Activities:
Registry Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 559864958 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 559903573 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 563844570 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 563852054 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 564161675 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: EF0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 564300569 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 564769539 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 565976801 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 568871174 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15fe9c3 | success or wait | 569015837 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 569046248 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ec1774 | success or wait | 569159880 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 569170093 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 569179745 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f7d41f | success or wait | 569189390 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 569197660 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@875750 | success or wait | 569206330 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 569213790 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569312514 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569321390 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 569334606 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15fe9c3 | success or wait | 569765849 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 569790689 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ec1774 | success or wait | 569805208 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 570238415 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 570251182 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f7d41f | success or wait | 570262159 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 570269983 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@875750 | success or wait | 570279149 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570292567 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570525815 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570663751 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570674963 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15fe9c3 | success or wait | 571021420 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 571034052 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ec1774 | success or wait | 571040019 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571045398 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 571052144 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f7d41f | success or wait | 571063283 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 571067080 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@875750 | success or wait | 571071068 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571074847 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571120984 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571124419 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571127956 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15fe9c3 | success or wait | 571153385 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 571161100 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ec1774 | success or wait | 571168660 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571176613 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 571183555 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f7d41f | success or wait | 571192872 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 571199721 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@875750 | success or wait | 571208563 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571214852 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571906127 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571914704 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 571930367 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15fe9c3 | success or wait | 571980185 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 571983598 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ec1774 | success or wait | 571986455 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571989559 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 571993008 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f7d41f | success or wait | 571995922 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 571998471 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@875750 | success or wait | 572014120 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572016913 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572090758 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572095461 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572100717 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1754daa | success or wait | 572123338 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 572127136 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3de71c | success or wait | 572129537 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 572131964 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 572145249 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ffc1c | success or wait | 572148381 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 572186303 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@170c7a3 | success or wait | 572189821 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: F10000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 572192148 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572214774 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572217781 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 572220211 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 572226441 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572617254 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 572637534 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 572675191 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 572678981 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 572684182 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 572691036 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 572696402 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 572699226 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 572701952 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572714956 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573057489 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573095940 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573098518 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 573109469 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573111850 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 573127823 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573130443 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573133353 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 573135611 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573137971 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 573153447 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573155668 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573210318 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573212813 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573215688 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 573268642 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573271525 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 573275094 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573277575 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573279707 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 573284584 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573289311 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 573302841 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573304888 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573398446 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573404693 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573415084 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 573441740 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573467994 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 573476375 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573481570 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573488098 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 573493705 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573521938 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 573548877 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573555515 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573620855 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573627428 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 573634615 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 573694796 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574565471 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 574610941 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574618771 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 574624142 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574629475 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574636529 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 574641896 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574647999 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 574655352 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574661138 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574843223 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574850006 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574895429 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 574946933 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574953026 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 574958497 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574964908 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574971982 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 574977357 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574981732 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 574987057 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574991181 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575032211 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575039908 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575063994 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 575091466 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575096610 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 575099742 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575103333 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575112893 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 575116692 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575120184 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 575124906 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575128803 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575169919 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575175028 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575178899 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 575229303 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575238077 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 575246200 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575251151 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575261660 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 575266713 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575270518 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 575275075 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575281167 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575322455 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575327752 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575332125 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 575378849 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575382669 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 575389198 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575393642 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575398663 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 575406334 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575410133 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 575417430 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575422334 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 576039665 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 576680145 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 576720017 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 576746392 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 576751625 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 576757367 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 576761446 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 576766201 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 576770765 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 576777495 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 576797824 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 576802559 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 577208502 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 577213287 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 577239106 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@142d884 | success or wait | 577283804 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 577288597 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@194d431 | success or wait | 577293260 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 577300485 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 577307972 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f71b53 | success or wait | 577315470 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 577319997 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@22f376 | success or wait | 577325594 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: F10000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 577516867 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 578460520 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 578475173 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 578479842 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 578724615 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9ddfa3 | success or wait | 578918206 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 578927663 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c58432 | success or wait | 578937305 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 578944556 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 578956464 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16a11e4 | success or wait | 578960195 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 578963794 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@bc917c | success or wait | 578968402 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: F10000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 578972975 |
Memory attributes changed | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 579005964 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 579026000 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f378c8 | success or wait | 579030197 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 579036202 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@17ecdf0 | success or wait | 579041346 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 579047738 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 579057177 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@283d3 | success or wait | 579061861 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 579066237 |
File other op | Path: C:\WINDOWS\system32\advapi32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11cbec9 | success or wait | 579074015 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: F10000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 579077866 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 579119567 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3184d8 | success or wait | 579123187 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 579126629 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@108af2a | success or wait | 579129254 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 579132645 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 579137181 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1242445 | success or wait | 579140149 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 579142747 |
File other op | Path: C:\WINDOWS\system32\crypt32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c94b51 | success or wait | 579145301 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: F10000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 579151995 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 580293693 |
Thread created | PID: 376 TID: 196 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\msdtc.exe | success or wait | 582382566 |
Thread resumed | TID: 196 PID: 376 Path: C:\WINDOWS\system32\msdtc.exe | success or wait | 582423004 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 582614157 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 582632415 |
Thread created | PID: 376 TID: 1368 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\msdtc.exe | success or wait | 582831187 |
Thread resumed | TID: 1368 PID: 376 Path: C:\WINDOWS\system32\msdtc.exe | success or wait | 582842552 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 582849585 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 583833392 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 584023081 |
Memory allocated | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: 7E0000 Length: F4FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 584043129 |
Memory allocated | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: FE0000 Length: F4FE78 Allocation Type: unknown Protection: page read and write | success or wait | 584059228 |
Memory allocated | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: FE0000 Length: F4FE7C Allocation Type: unknown Protection: page read and write | success or wait | 584063669 |
Memory allocated | PID: 376 Path: C:\WINDOWS\system32\msdtc.exe Base: FE1000 Length: F4FB58 Allocation Type: unknown Protection: page read and write | success or wait | 584070673 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 584075743 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 584079197 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 584084944 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 584088628 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 584092061 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 584096906 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 584099638 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 584286671 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585020213 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585048638 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585059365 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585071581 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585074820 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585081988 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585084592 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585087070 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585089982 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585092443 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585095264 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585098497 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585101388 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585104028 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585106663 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585109715 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585112457 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585116055 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585119105 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 585119377 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585121864 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585125661 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585128264 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585131293 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585137103 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585139683 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585142339 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585145115 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585147722 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585150228 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585154294 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585156682 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585159188 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585161904 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585164400 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585167387 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585170684 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585173556 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585176476 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585179354 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585181967 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585184566 |
Process information queried | PID: 376 Info Class: Cookie | success or wait | 585188090 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 586636741 |
Thread created | PID: 376 TID: 644 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\msdtc.exe | success or wait | 586935006 |
Thread resumed | TID: 644 PID: 376 Path: C:\WINDOWS\system32\msdtc.exe | success or wait | 586935555 |
Thread created | PID: 376 TID: 960 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\msdtc.exe | success or wait | 586940822 |
Thread resumed | TID: 960 PID: 376 Path: C:\WINDOWS\system32\msdtc.exe | success or wait | 586941229 |
Key created | Path: HKEY_USERS\Software\Microsoft\Internet Explorer\DBControl | success or wait | 586944843 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 587748043 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 588869975 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 589988713 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 591107633 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 592225987 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 593344524 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 594648958 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 596043050 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 597144317 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 598275118 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 599578770 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 600673199 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 601794571 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 602915216 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 604211342 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 605418467 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 606488884 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 607606792 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 608745594 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 609843352 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 610959641 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 612080962 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 613200551 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 614321431 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 615437504 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 616555873 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 617677488 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 618793245 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 619919824 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 621030260 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 622149534 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 623267498 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 624388792 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 625504792 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 626626531 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 627742162 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 628864896 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 629979953 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 631098216 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 632216330 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 633335071 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 634463143 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 635572289 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 636690902 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 637809377 |
Thread delayed | Time: 0 TID: 1368 | success or wait | 638930670 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 703592549 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 703780219 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 703785088 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 703828129 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | access denied | 823302072 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823471063 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823508291 |
Sections |
File Activities:
Section Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\WS2_32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 564112206 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute Type: image Baseaddress: 71AB0000 Size: 94208 Protection: read write Mapped to pid: own pid | success or wait | 564166079 |
Section loaded | Path: \KnownDlls\WS2HELP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 564293126 |
Section loaded | Path: C:\WINDOWS\system32\ws2help.dll Access: query and write and read and execute Type: image Baseaddress: 71AA0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 564303371 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 564682955 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 3B0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 564887671 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 566214287 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 568060332 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 569770096 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 570240875 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@813486 | success or wait | 570251760 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 570262509 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9f624a | success or wait | 570273029 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 570286222 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 570304571 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ee2310 | success or wait | 570314643 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 570329274 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1400f33 | success or wait | 570340267 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 570399971 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570900349 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 570910118 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571024207 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571045852 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@813486 | success or wait | 571053324 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 571063761 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9f624a | success or wait | 571067535 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571071253 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 571075096 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ee2310 | success or wait | 571089329 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 571103711 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1400f33 | success or wait | 571107418 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571110248 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571136085 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571144506 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571153631 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571182519 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@813486 | success or wait | 571191907 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 571198804 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9f624a | success or wait | 571206764 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 571215471 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 571266703 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ee2310 | success or wait | 571282782 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 571311771 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1400f33 | success or wait | 571888627 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 571894218 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571974010 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571977240 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 571981302 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 571990507 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@813486 | success or wait | 571993904 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 571996489 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9f624a | success or wait | 572013782 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 572016637 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 572056715 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ee2310 | success or wait | 572060662 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 572077288 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1400f33 | success or wait | 572080067 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572082816 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572108780 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572122085 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572126183 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572133590 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@813486 | success or wait | 572147057 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 572149489 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9f624a | success or wait | 572188262 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 572190542 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 572193039 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ee2310 | success or wait | 572195294 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 572197955 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1400f33 | success or wait | 572200413 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 572203647 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572227538 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572264945 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 572268449 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 572332683 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a60d19 | success or wait | 572616063 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 572618882 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1a5f0f3 | success or wait | 572622818 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 572626038 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 572637682 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@16e0123 | success or wait | 572675648 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 572679237 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10cceb3 | success or wait | 572683385 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 572690620 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572723883 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 572728178 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 573049006 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 573056848 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573103844 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573112495 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 573129341 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573131474 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 573134359 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573136888 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573138762 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 573154353 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573156966 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 573160265 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573162672 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573216668 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573219670 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573257369 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573271078 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 573274660 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573277144 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 573279853 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573283930 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573289071 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 573303240 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573305034 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 573307405 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573309927 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573409160 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573416162 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 573421988 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 573442313 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 573469329 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 573476196 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 573485182 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 573490904 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 573496858 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 573548207 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 573553529 |
File other op | Path: C:\WINDOWS\system32\wininet.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 573559809 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 573588201 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573670072 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 573693611 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574475905 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574499183 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 574507321 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574513392 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 574519067 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574528991 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574563274 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 574568759 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574573897 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 574579096 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574607964 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574649281 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 574655030 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 574664188 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 574670371 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 574830103 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 574875335 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 574904897 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 574910932 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 574916555 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 574947114 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 574952722 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 574957958 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 574965177 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 574970973 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 574976283 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575013153 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575019681 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575025340 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575044140 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 575070615 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575076218 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 575080495 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575088230 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575093719 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 575098067 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575104897 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 575113559 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575117519 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575151303 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575156233 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575167140 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575182674 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 575187668 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575192855 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 575227662 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575234300 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575240979 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 575258203 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575262282 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 575267139 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575271030 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575317444 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575321296 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575327450 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 575346225 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 575350014 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 575375762 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 575381213 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 575384965 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 575389018 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 575393824 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 575398178 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 575405863 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 575409644 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575453665 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 575655596 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 575666236 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 576722160 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 576730318 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 576735910 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 576742755 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 576746945 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 576752077 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 576757901 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 576763322 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 576767148 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 576772444 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 577180335 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 577186039 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 577197939 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 577212771 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 577238932 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 577245317 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 577248861 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 577253003 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 577282421 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 577288413 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 577293017 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 577300298 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 577304558 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 578414783 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 578419652 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 578441448 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 578473085 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1d66d2f | success or wait | 578478332 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 578483078 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9a4f8e | success or wait | 578515254 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 578718947 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 578914413 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@dd2a4f | success or wait | 578925772 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 578936123 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4c5b3 | success or wait | 578945373 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 578950365 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 578981762 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 578986040 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 578989588 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 579005280 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14f8b9a | success or wait | 579009079 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 579018688 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15669ae | success or wait | 579022717 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 579025714 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 579030482 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@344a47 | success or wait | 579035646 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 579040952 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@f889c8 | success or wait | 579047496 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 579051843 |
Memory attributes changed | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 579085647 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 579103150 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11dc088 | success or wait | 579106451 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 579110156 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4b5abc | success or wait | 579112307 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 579114730 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 579120730 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@13219ed | success or wait | 579124467 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 579126965 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4434f7 | success or wait | 579133184 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 579135903 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 580090189 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1f17060 | success or wait | 580292913 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 580296965 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8bae7 | success or wait | 580485721 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 580499458 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 582412467 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@126cb1a | success or wait | 582423451 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 582437909 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1e0312b | success or wait | 582630017 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: BF0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 582818093 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | object name exists | 582879658 |
Thread created | PID: 1452 TID: 2000 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\msiexec.exe | success or wait | 584044238 |
Thread resumed | TID: 2000 PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe | success or wait | 584053692 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 584059760 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 584064437 |
Thread created | PID: 1452 TID: 1652 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\msiexec.exe | success or wait | 584080510 |
Thread resumed | TID: 1652 PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe | success or wait | 584085089 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 584089114 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 584294117 |
Memory allocated | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: B50000 Length: 119FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 585057788 |
Memory allocated | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BF0000 Length: 119FE78 Allocation Type: unknown Protection: page read and write | success or wait | 585073887 |
Memory allocated | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BF0000 Length: 119FE7C Allocation Type: unknown Protection: page read and write | success or wait | 585078896 |
Memory allocated | PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe Base: BF1000 Length: 119FB58 Allocation Type: unknown Protection: page read and write | success or wait | 585082194 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585084760 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585087239 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585090553 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585092933 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585095746 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585098666 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585101568 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585104197 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585107922 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585113400 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585117347 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585120416 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585122994 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585128884 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585131928 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585134499 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585137305 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585139884 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585142541 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585146546 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585149284 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585151775 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585154484 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585156873 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585159391 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585162512 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585164927 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585167939 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585170915 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585173789 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 585175097 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585176708 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585180237 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585182828 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585185436 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585189253 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585191864 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585194368 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585197991 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585199936 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585202856 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585205794 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585208294 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585210904 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585215108 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585217633 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585220232 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585223102 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585225696 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585228298 |
Process information queried | PID: 1452 Info Class: Cookie | success or wait | 585232364 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 586636795 |
Thread created | PID: 1452 TID: 1620 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\msiexec.exe | success or wait | 586946462 |
Thread resumed | TID: 1620 PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe | success or wait | 586946812 |
Thread created | PID: 1452 TID: 2036 EIP: 7C8106F9 Imagepath: C:\WINDOWS\system32\msiexec.exe | success or wait | 586951276 |
Thread resumed | TID: 2036 PID: 1452 Path: C:\WINDOWS\system32\msiexec.exe | success or wait | 586951530 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 587748152 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 588870247 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 589988986 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 591108202 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 592226274 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 593344816 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 594649107 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 596043199 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 597144370 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 598275170 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 599578824 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 600673259 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 601794622 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 602915268 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 604211397 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 605418519 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 606489033 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 607606925 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 608745727 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 609843453 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 610959737 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 612081211 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 613200836 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 614321702 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 615437784 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 616556143 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 617677760 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 618793522 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 619920111 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 621030531 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 622149810 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 623267770 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 624389063 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 625505074 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 626626824 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 627742448 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 628865166 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 629980235 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 631098487 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 632216599 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 633335352 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 634463430 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 635572563 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 636691173 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 637809647 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 638930942 |
Thread delayed | Time: 0 TID: 1652 | success or wait | 640050242 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 705028921 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 705038326 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 705038942 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 705068561 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 823302384 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823482801 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | pipe not available | 823508674 |
Sections
File Activities:
Section Activities:
Registry Activities:
Mutant Activities:
Process Activities:
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\kernel32.dll Access: write and read and execute Type: unknown Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid | success or wait | 641018841 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 641026297 |
Section loaded | Path: unknown Access: query and write and read and execute and extend size Type: reserve Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid | success or wait | 641027220 |
Section loaded | Path: \NLS\NlsSectionUnicode Access: read Type: unknown Baseaddress: 270000 Size: 90112 Protection: readonly Mapped to pid: own pid | success or wait | 641032994 |
Section loaded | Path: \NLS\NlsSectionLocale Access: read Type: unknown Baseaddress: 290000 Size: 266240 Protection: readonly Mapped to pid: own pid | success or wait | 641038519 |
Section loaded | Path: \NLS\NlsSectionSortkey Access: query and read Type: unknown Baseaddress: 2E0000 Size: 266240 Protection: readonly Mapped to pid: own pid | success or wait | 641040279 |
Section loaded | Path: \NLS\NlsSectionSortTbls Access: read Type: unknown Baseaddress: 330000 Size: 24576 Protection: readonly Mapped to pid: own pid | success or wait | 641041260 |
Section loaded | Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 641044806 |
Section loaded | Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 641045264 |
Section loaded | Path: \KnownDlls\ADVAPI32.dll Access: write and read and execute Type: unknown Baseaddress: 77DD0000 Size: 634880 Protection: read write Mapped to pid: own pid | success or wait | 641046828 |
Section loaded | Path: \KnownDlls\RPCRT4.dll Access: write and read and execute Type: unknown Baseaddress: 77E70000 Size: 602112 Protection: read write Mapped to pid: own pid | success or wait | 641052061 |
Section loaded | Path: \KnownDlls\Secur32.dll Access: write and read and execute Type: unknown Baseaddress: 77FE0000 Size: 69632 Protection: read write Mapped to pid: own pid | success or wait | 641059222 |
Section loaded | Path: \KnownDlls\USER32.dll Access: write and read and execute Type: unknown Baseaddress: 7E410000 Size: 593920 Protection: read write Mapped to pid: own pid | success or wait | 641067684 |
Section loaded | Path: \KnownDlls\GDI32.dll Access: write and read and execute Type: unknown Baseaddress: 77F10000 Size: 299008 Protection: read write Mapped to pid: own pid | success or wait | 641069121 |
Section loaded | Path: \KnownDlls\msvcrt.dll Access: write and read and execute Type: unknown Baseaddress: 77C10000 Size: 360448 Protection: read write Mapped to pid: own pid | success or wait | 641081339 |
Section loaded | Path: \KnownDlls\SHLWAPI.dll Access: write and read and execute Type: unknown Baseaddress: 77F60000 Size: 483328 Protection: read write Mapped to pid: own pid | success or wait | 641088792 |
Section loaded | Path: \KnownDlls\SHELL32.dll Access: write and read and execute Type: unknown Baseaddress: 7C9C0000 Size: 8482816 Protection: read write Mapped to pid: own pid | success or wait | 641096175 |
Section loaded | Path: \KnownDlls\ole32.dll Access: write and read and execute Type: unknown Baseaddress: 774E0000 Size: 1302528 Protection: read write Mapped to pid: own pid | success or wait | 641106337 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 641115700 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 641123722 |
Section loaded | Path: \KnownDlls\OLEAUT32.dll Access: write and read and execute Type: unknown Baseaddress: 77120000 Size: 569344 Protection: read write Mapped to pid: own pid | success or wait | 641128974 |
Section loaded | Path: \KnownDlls\ShimEng.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 641142934 |
Section loaded | Path: C:\WINDOWS\system32\shimeng.dll Access: query and write and read and execute Type: image Baseaddress: 5CB70000 Size: 155648 Protection: read write Mapped to pid: own pid | success or wait | 641144574 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 4A0000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 641158688 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 641170441 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 641172444 |
Section loaded | Path: C:\WINDOWS\AppPatch\aclayers.dll Access: write and read and execute Type: commit Baseaddress: 350000 Size: 475136 Protection: execute Mapped to pid: own pid | success or wait | 641185321 |
Section loaded | Path: C:\WINDOWS\AppPatch\aclayers.dll Access: write and read and execute Type: commit Baseaddress: 350000 Size: 475136 Protection: execute Mapped to pid: own pid | success or wait | 641190510 |
Section loaded | Path: C:\WINDOWS\AppPatch\aclayers.dll Access: query and write and read and execute Type: image Baseaddress: 71590000 Size: 495616 Protection: read write Mapped to pid: own pid | success or wait | 641193000 |
Section loaded | Path: \KnownDlls\USERENV.dll Access: write and read and execute Type: unknown Baseaddress: 769C0000 Size: 737280 Protection: read write Mapped to pid: own pid | success or wait | 641204896 |
Section loaded | Path: \KnownDlls\WINSPOOL.DRV Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 641212644 |
Section loaded | Path: C:\WINDOWS\system32\winspool.drv Access: query and write and read and execute Type: image Baseaddress: 73000000 Size: 155648 Protection: read write Mapped to pid: own pid | success or wait | 641214310 |
Section loaded | Path: \NLS\NlsSectionCType Access: read Type: unknown Baseaddress: 360000 Size: 12288 Protection: readonly Mapped to pid: own pid | success or wait | 641243836 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 641249363 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 641249673 |
Process information queried | PID: 2472 Info Class: ImageInformation | success or wait | 641304633 |
Section loaded | Path: C:\WINDOWS\system32\imm32.dll Access: write and read and execute Type: commit Baseaddress: 3B0000 Size: 110592 Protection: execute Mapped to pid: own pid | success or wait | 641329638 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641334743 |
Section loaded | Path: C:\WINDOWS\system32\imm32.dll Access: write and read and execute Type: commit Baseaddress: 3B0000 Size: 110592 Protection: execute Mapped to pid: own pid | success or wait | 641336185 |
Section loaded | Path: C:\WINDOWS\system32\imm32.dll Access: query and write and read and execute Type: image Baseaddress: 76390000 Size: 118784 Protection: read write Mapped to pid: own pid | success or wait | 641338786 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641348599 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 641360557 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 641360814 |
Section loaded | Path: C:\WINDOWS\system32\shell32.dll Access: read Type: commit Baseaddress: 980000 Size: 8462336 Protection: readonly Mapped to pid: own pid | success or wait | 641366365 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641425437 |
Section loaded | Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll Access: write and read and execute Type: commit Baseaddress: 980000 Size: 1056768 Protection: execute Mapped to pid: own pid | success or wait | 641428440 |
Section loaded | Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll Access: query and write and read and execute Type: image Baseaddress: 773D0000 Size: 1060864 Protection: read write Mapped to pid: own pid | success or wait | 641433024 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: write and read and execute Type: commit Baseaddress: 3E0000 Size: 4096 Protection: execute Mapped to pid: own pid | success or wait | 641449256 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: query and read Type: commit Baseaddress: 3E0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 641454212 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: read Type: commit Baseaddress: 3E0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 641457260 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641494271 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641497798 |
Section loaded | Path: \KnownDlls\comctl32.dll Access: write and read and execute Type: unknown Baseaddress: 5D090000 Size: 630784 Protection: read write Mapped to pid: own pid | success or wait | 641498304 |
Section loaded | Path: C:\WINDOWS\system32\comctl32.dll Access: read Type: commit Baseaddress: 980000 Size: 618496 Protection: readonly Mapped to pid: own pid | success or wait | 641514206 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 641527619 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641530811 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641531321 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641532737 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641586006 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641588007 |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 641756124 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 641758015 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 641767438 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 641769370 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641786053 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641786417 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641787697 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641788056 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641789140 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641789511 |
Section loaded | Path: \KnownDlls\WS2_32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 641791618 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute Type: image Baseaddress: 71AB0000 Size: 94208 Protection: read write Mapped to pid: own pid | success or wait | 641793209 |
Section loaded | Path: \KnownDlls\WS2HELP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 641799617 |
Section loaded | Path: C:\WINDOWS\system32\ws2help.dll Access: query and write and read and execute Type: image Baseaddress: 71AA0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 641801254 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 641812867 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 9A0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 641820510 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641904472 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 641906677 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 641919952 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 641920916 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1114133 | success or wait | 641921764 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 641922014 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cfa3d2 | success or wait | 641924002 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 641924249 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 641924545 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10c6c6b | success or wait | 641925125 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 641925370 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1ee92 | success or wait | 641926113 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 641926439 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641932107 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641932397 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641932690 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 641933635 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1114133 | success or wait | 641934462 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 641934709 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cfa3d2 | success or wait | 641935078 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 641935320 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 641935612 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10c6c6b | success or wait | 641936192 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 641936435 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1ee92 | success or wait | 641936941 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 641937261 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641940311 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641940597 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641940889 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 641941714 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1114133 | success or wait | 641942932 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 641943178 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cfa3d2 | success or wait | 641943548 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 641943792 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 641944084 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10c6c6b | success or wait | 641944662 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 641944905 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1ee92 | success or wait | 641945409 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 641945731 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641948388 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641948674 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641948967 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 641949907 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1114133 | success or wait | 641950714 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 641950961 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cfa3d2 | success or wait | 641951330 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 641951572 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 641951864 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10c6c6b | success or wait | 641952442 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 641952685 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1ee92 | success or wait | 641953223 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 641953549 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641956206 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641956493 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 641956997 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 641957938 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1114133 | success or wait | 641958743 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 641958989 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cfa3d2 | success or wait | 641959358 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 641959601 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 641959892 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@10c6c6b | success or wait | 641960470 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 641960712 |
File other op | Path: C:\WINDOWS\system32\ntdll.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a1ee92 | success or wait | 641961216 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 641961538 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641965655 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641965941 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 641966655 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 641967656 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@135bdd3 | success or wait | 641968493 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 641968756 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@141717f | success or wait | 641970595 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 641970859 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 641971170 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@182600f | success or wait | 641971767 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 641972026 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@708aff | success or wait | 641972546 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 641972885 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641979104 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 641979406 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 641980120 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 641982253 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642090992 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642091977 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642092844 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642093103 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642094948 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642095205 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642095509 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642096100 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642096353 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642096869 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642097201 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642103141 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642103428 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642103787 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642104759 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642105601 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642105858 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642106236 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642106490 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642106792 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642107382 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642107635 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642108148 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642108479 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642112788 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642112892 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642113024 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642113377 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642113688 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642113915 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642114290 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642114545 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642114845 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642115433 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642115687 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642116487 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642116815 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642120112 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642120399 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642120977 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642121935 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642122763 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642123022 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642123398 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642123654 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642123956 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642124546 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642124800 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642125315 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642125646 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642130226 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642130512 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 642131263 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 642133188 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642255053 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642256038 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642256877 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642257135 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642257513 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642257766 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642258071 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642258658 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642258912 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642259424 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642259754 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642263403 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642263691 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642264047 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642265135 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642265967 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642266224 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642266602 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642266855 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642267157 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642267744 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642267997 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642268514 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642268845 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642272014 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642272310 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642272662 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642273641 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642274463 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642274720 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642275097 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642275351 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642275654 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642276243 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642276498 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642277012 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642277296 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642289305 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642289601 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642289955 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642290927 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642291755 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642292011 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642292388 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642292641 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642292943 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642293530 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642293785 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642294299 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642294630 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642299720 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642300088 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642300444 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642301430 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642302261 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642302519 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642302897 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642303150 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642303454 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642304043 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642304298 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642304813 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642305144 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642308325 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642308623 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642308978 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642309951 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642310775 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642311032 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642311411 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642311666 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642311969 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642312559 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642312813 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642313329 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642313661 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642316833 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642317120 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642317474 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642318666 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@b58e73 | success or wait | 642319489 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 642319747 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19b3d1b | success or wait | 642320125 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 642320379 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 642320682 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@c8c3b8 | success or wait | 642321272 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 642321526 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@a98e77 | success or wait | 642322041 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 642322373 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642325760 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642326048 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 642326565 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642327611 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1c83d89 | success or wait | 642328437 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 642328693 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14005e1 | success or wait | 642330539 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 642330796 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 642331100 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@41f871 | success or wait | 642331693 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 642331947 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11df416 | success or wait | 642332662 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 642332991 |
Memory attributes changed | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 642342092 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642344128 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@183d60d | success or wait | 642345679 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 642345964 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@5a1e6b | success or wait | 642349929 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 642350213 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 642350547 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@83198c | success or wait | 642353543 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 642353829 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1025f9f | success or wait | 642354378 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 642355259 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 642370391 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@d3e83f | success or wait | 642371266 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 642371525 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@3492fc | success or wait | 642373426 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 642373682 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 642373989 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19e0994 | success or wait | 642374579 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 642374832 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@86f847 | success or wait | 642375346 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 642375678 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 642382659 |
Thread created | PID: 2472 TID: 2548 EIP: 7C8106F9 Imagepath: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 642384161 |
Thread resumed | TID: 2548 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 642385085 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 642386363 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 642387572 |
Thread created | PID: 2472 TID: 2552 EIP: 7C8106F9 Imagepath: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 642388485 |
Thread resumed | TID: 2552 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 642389155 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 642390398 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 642394434 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 642396012 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 642582701 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 644188675 |
Memory allocated | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 9C0000 Length: D2FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 644193374 |
Memory allocated | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: A00000 Length: D2FE78 Allocation Type: unknown Protection: page read and write | success or wait | 644194517 |
Memory allocated | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: A00000 Length: D2FE7C Allocation Type: unknown Protection: page read and write | success or wait | 644194621 |
Memory allocated | PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: A01000 Length: D2FB58 Allocation Type: unknown Protection: page read and write | success or wait | 644196032 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644198014 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644198123 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644198473 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644199918 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644200020 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644200115 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644200209 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644200312 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644200689 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644204080 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644204412 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644204855 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644204947 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644205037 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644205127 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644205217 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644205722 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644207186 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644207282 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644207835 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 644210602 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644211330 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644211690 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644212278 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644212608 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644212928 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644214201 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644214315 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644214697 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644215946 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644216067 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644216453 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644216711 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644216814 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644216915 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644217238 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644218938 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644219045 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644219853 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644220402 |
Section loaded | Path: \KnownDlls\IEFRAME.dll Access: write and read and execute Type: unknown Baseaddress: 3E1C0000 Size: 11096064 Protection: read write Mapped to pid: own pid | success or wait | 644220762 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644221720 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644221824 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644221925 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644222025 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644222125 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644223041 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644223148 |
Process information queried | PID: 2472 Info Class: Cookie | success or wait | 644223249 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644245345 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644245680 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644246006 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644246328 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644246792 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644247960 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644248289 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644248612 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644248933 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644249254 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644249580 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644250502 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644297891 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644299035 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644299573 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644300116 |
Section loaded | Path: C:\WINDOWS\system32\en-us\ieframe.dll.mui Access: query and read Type: commit Baseaddress: E30000 Size: 1241088 Protection: write copy Mapped to pid: own pid | success or wait | 644303303 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644318065 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644323217 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644323648 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644338180 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644338515 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644346721 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644347134 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768 Access: write Type: unknown Baseaddress: F60000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 644388410 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Cookies_index.dat_16384 Access: write Type: unknown Baseaddress: 1070000 Size: 16384 Protection: read write Mapped to pid: own pid | success or wait | 644393848 |
Thread created | PID: 2472 TID: 2568 EIP: 7C8106F9 Imagepath: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 644395882 |
Thread resumed | TID: 2568 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 644396141 |
Thread created | PID: 2472 TID: 2572 EIP: 7C8106F9 Imagepath: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 644398818 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768 Access: write Type: unknown Baseaddress: 1180000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 644404580 |
Thread resumed | TID: 2572 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 644405110 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644494521 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644494897 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: WinSock_Registry_Version | success or wait | 644495482 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Serial_Access_Num | success or wait | 644496334 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Serial_Access_Num | success or wait | 644496768 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Next_Catalog_Entry_ID | success or wait | 644497177 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Num_Catalog_Entries | success or wait | 644497597 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Name: PackedCatalogItem | buffer overflow | 644499357 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Name: PackedCatalogItem | buffer overflow | 644499781 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Name: PackedCatalogItem | success or wait | 644500176 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Name: PackedCatalogItem | buffer overflow | 644501258 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Name: PackedCatalogItem | buffer overflow | 644501658 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Name: PackedCatalogItem | success or wait | 644502050 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Name: PackedCatalogItem | buffer overflow | 644504507 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Name: PackedCatalogItem | buffer overflow | 644504913 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Name: PackedCatalogItem | success or wait | 644505306 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Name: PackedCatalogItem | buffer overflow | 644507629 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Name: PackedCatalogItem | buffer overflow | 644508052 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Name: PackedCatalogItem | success or wait | 644508445 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Name: PackedCatalogItem | buffer overflow | 644509536 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Name: PackedCatalogItem | buffer overflow | 644509933 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Name: PackedCatalogItem | success or wait | 644510325 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Name: PackedCatalogItem | buffer overflow | 644512619 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Name: PackedCatalogItem | buffer overflow | 644513027 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Name: PackedCatalogItem | success or wait | 644513421 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Name: PackedCatalogItem | buffer overflow | 644514512 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Name: PackedCatalogItem | buffer overflow | 644515671 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Name: PackedCatalogItem | success or wait | 644516073 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Name: PackedCatalogItem | buffer overflow | 644517191 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Name: PackedCatalogItem | buffer overflow | 644517606 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Name: PackedCatalogItem | success or wait | 644517999 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Name: PackedCatalogItem | buffer overflow | 644519105 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Name: PackedCatalogItem | buffer overflow | 644519504 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Name: PackedCatalogItem | success or wait | 644519897 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Name: PackedCatalogItem | buffer overflow | 644520961 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Name: PackedCatalogItem | buffer overflow | 644521360 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Name: PackedCatalogItem | success or wait | 644521751 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Name: PackedCatalogItem | buffer overflow | 644522814 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Name: PackedCatalogItem | buffer overflow | 644523212 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Name: PackedCatalogItem | success or wait | 644523603 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Name: PackedCatalogItem | buffer overflow | 644524668 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Name: PackedCatalogItem | buffer overflow | 644525063 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Name: PackedCatalogItem | success or wait | 644525455 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Name: PackedCatalogItem | buffer overflow | 644526521 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Name: PackedCatalogItem | buffer overflow | 644526920 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Name: PackedCatalogItem | success or wait | 644527312 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Serial_Access_Num | success or wait | 644528686 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Serial_Access_Num | success or wait | 644529107 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Num_Catalog_Entries | success or wait | 644529516 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: LibraryPath | success or wait | 644529980 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: DisplayString | success or wait | 644530770 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: DisplayString | success or wait | 644531555 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: ProviderId | success or wait | 644532340 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: AddressFamily | object name not found | 644532735 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: SupportedNameSpace | success or wait | 644533130 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: Enabled | success or wait | 644533522 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: Version | success or wait | 644533914 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: StoresServiceClassInfo | success or wait | 644534309 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: LibraryPath | success or wait | 644535056 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: DisplayString | success or wait | 644535844 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: DisplayString | success or wait | 644536657 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: ProviderId | success or wait | 644537442 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: AddressFamily | object name not found | 644537834 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: SupportedNameSpace | success or wait | 644538229 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: Enabled | success or wait | 644538621 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: Version | success or wait | 644539013 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: StoresServiceClassInfo | success or wait | 644539406 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: LibraryPath | success or wait | 644540156 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: DisplayString | success or wait | 644540945 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: DisplayString | success or wait | 644541728 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: ProviderId | success or wait | 644542510 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: AddressFamily | object name not found | 644542902 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: SupportedNameSpace | success or wait | 644543298 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: Enabled | success or wait | 644543691 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: Version | success or wait | 644544083 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: StoresServiceClassInfo | success or wait | 644544478 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644561617 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644561992 |
Process information queried | PID: 2472 Info Class: DefaultHardErrorMode | success or wait | 644566374 |
Section loaded | Path: \KnownDlls\VERSION.dll Access: write and read and execute Type: unknown Baseaddress: 77C00000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 644572022 |
Thread resumed | TID: 2580 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 644588908 |
Section loaded | Path: C:\WINDOWS\system32\mswsock.dll Access: write and read and execute Type: commit Baseaddress: 1190000 Size: 245760 Protection: execute Mapped to pid: own pid | success or wait | 644590945 |
Section loaded | Path: C:\WINDOWS\system32\mswsock.dll Access: query and write and read and execute Type: image Baseaddress: 71A50000 Size: 258048 Protection: read write Mapped to pid: own pid | success or wait | 644593615 |
Section loaded | Path: \KnownDlls\DNSAPI.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 644609495 |
Process information queried | PID: 2472 Info Class: QuotaLimits | success or wait | 644611304 |
Process information queried | PID: 2472 Info Class: VmCounters | success or wait | 644611628 |
Section loaded | Path: C:\WINDOWS\system32\dnsapi.dll Access: query and write and read and execute Type: image Baseaddress: 76F20000 Size: 159744 Protection: read write Mapped to pid: own pid | success or wait | 644612116 |
Section loaded | Path: \BaseNamedObjects\Internet Explorer Immutable Application State (000009A8-0000-0000-0000-000000000000) Access: query and write and read Type: commit Baseaddress: 1190000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 644642832 |
Section loaded | Path: \KnownDlls\comdlg32.dll Access: write and read and execute Type: unknown Baseaddress: 763B0000 Size: 299008 Protection: read write Mapped to pid: own pid | success or wait | 644658970 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: WinSock_Registry_Version | success or wait | 644685432 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: AutodialDLL | object name not found | 644685906 |
Section loaded | Path: \KnownDlls\rasadhlp.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 644687111 |
Section loaded | Path: C:\WINDOWS\system32\rasadhlp.dll Access: query and write and read and execute Type: image Baseaddress: 76FC0000 Size: 24576 Protection: read write Mapped to pid: own pid | success or wait | 644689630 |
Section loaded | Path: C:\WINDOWS\system32\rpcss.dll Access: write and read and execute Type: commit Baseaddress: 11A0000 Size: 401408 Protection: execute Mapped to pid: own pid | success or wait | 644706525 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: write and read and execute Type: commit Baseaddress: 11A0000 Size: 299008 Protection: execute Mapped to pid: own pid | success or wait | 644744235 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: query and write and read and execute Type: image Baseaddress: 74720000 Size: 311296 Protection: read write Mapped to pid: own pid | success or wait | 644746379 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 644755555 |
Section loaded | Path: \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 644756553 |
Section loaded | Path: \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500SFM.DefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read and execute and extend size Type: unknown Baseaddress: 11B0000 Size: 262144 Protection: read write Mapped to pid: own pid | success or wait | 644763913 |
Section loaded | Path: C:\WINDOWS\system32\winlogon.exe Access: write and read and execute Type: commit Baseaddress: 11F0000 Size: 507904 Protection: execute Mapped to pid: own pid | success or wait | 644767736 |
Section loaded | Path: \KnownDlls\xpsp2res.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 644771883 |
Section loaded | Path: C:\WINDOWS\system32\xpsp2res.dll Access: query and write and read and execute Type: image Baseaddress: 11F0000 Size: 2904064 Protection: read write Mapped to pid: own pid | conflicting addresses | 644772886 |
Section loaded | Path: C:\Program Files\Internet Explorer\sqmapi.dll Access: write and read and execute Type: commit Baseaddress: 14C0000 Size: 135168 Protection: execute Mapped to pid: own pid | success or wait | 644802768 |
Section loaded | Path: C:\Program Files\Internet Explorer\sqmapi.dll Access: query and write and read and execute Type: image Baseaddress: 6CD00000 Size: 147456 Protection: read write Mapped to pid: own pid | success or wait | 644805763 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 645068640 |
Section loaded | Path: \BaseNamedObjects\windows_ie_global_counters Access: write and read Type: unknown Baseaddress: 14C0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 645089072 |
Section loaded | Path: \BaseNamedObjects\ie_lcie_main_9a8_S-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read Type: commit Baseaddress: 14D0000 Size: 450560 Protection: read write Mapped to pid: own pid | success or wait | 645095134 |
Section loaded | Path: \BaseNamedObjects\Isolation Process Registry (0BC6299D-4667-11E1-97AA-08002763FBB4) Access: query and write and read Type: commit Baseaddress: 1540000 Size: 8192 Protection: read write Mapped to pid: own pid | success or wait | 645098621 |
Section loaded | Path: \BaseNamedObjects\Isolation Signal Registry (0BC6299D-4667-11E1-97AA-08002763FBB4, 0) Access: query and write and read Type: commit Baseaddress: 1550000 Size: 8192 Protection: read write Mapped to pid: own pid | success or wait | 645099380 |
Process information queried | PID: 2472 Info Class: BasicInformation | success or wait | 645100123 |
Thread resumed | TID: 2676 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 645106037 |
Thread resumed | TID: 2680 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 645108990 |
Section loaded | Path: \BaseNamedObjects\ie_lcie_LogonMedium_S-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read Type: commit Baseaddress: 1960000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 645113759 |
Section loaded | Path: \BaseNamedObjects\Local\IEFrame!GetAsyncKeyStateSharedMem!2472 Access: query and write and read Type: commit Baseaddress: 1970000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 645119931 |
Thread resumed | TID: 2692 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 645122342 |
Section loaded | Path: \KnownDlls\RASAPI32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645220011 |
Section loaded | Path: C:\WINDOWS\system32\rasapi32.dll Access: query and write and read and execute Type: image Baseaddress: 76EE0000 Size: 245760 Protection: read write Mapped to pid: own pid | success or wait | 645220899 |
Section loaded | Path: \KnownDlls\rasman.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645224393 |
Section loaded | Path: C:\WINDOWS\system32\rasman.dll Access: query and write and read and execute Type: image Baseaddress: 76E90000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 645225078 |
Section loaded | Path: \KnownDlls\NETAPI32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645227589 |
Section loaded | Path: C:\WINDOWS\system32\netapi32.dll Access: query and write and read and execute Type: image Baseaddress: 5B860000 Size: 348160 Protection: read write Mapped to pid: own pid | success or wait | 645228272 |
Section loaded | Path: \KnownDlls\TAPI32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645233166 |
Section loaded | Path: C:\WINDOWS\system32\tapi32.dll Access: query and write and read and execute Type: image Baseaddress: 76EB0000 Size: 192512 Protection: read write Mapped to pid: own pid | success or wait | 645233823 |
Section loaded | Path: \KnownDlls\rtutils.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645237017 |
Section loaded | Path: C:\WINDOWS\system32\rtutils.dll Access: query and write and read and execute Type: image Baseaddress: 76E80000 Size: 57344 Protection: read write Mapped to pid: own pid | success or wait | 645241315 |
Section loaded | Path: \KnownDlls\WINMM.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645266199 |
Section loaded | Path: C:\WINDOWS\system32\winmm.dll Access: query and write and read and execute Type: image Baseaddress: 76B40000 Size: 184320 Protection: read write Mapped to pid: own pid | success or wait | 645267251 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 645301405 |
Section loaded | Path: C:\WINDOWS\system32\tapi32.dll Access: read Type: commit Baseaddress: 1B00000 Size: 184320 Protection: readonly Mapped to pid: own pid | success or wait | 645309840 |
Section loaded | Path: \KnownDlls\msapsspc.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645463330 |
Section loaded | Path: C:\WINDOWS\system32\msapsspc.dll Access: query and write and read and execute Type: image Baseaddress: 71E50000 Size: 86016 Protection: read write Mapped to pid: own pid | success or wait | 645482956 |
Section loaded | Path: \KnownDlls\MSVCRT40.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645495760 |
Section loaded | Path: C:\WINDOWS\system32\msvcrt40.dll Access: query and write and read and execute Type: image Baseaddress: 78080000 Size: 69632 Protection: read write Mapped to pid: own pid | success or wait | 645505706 |
Section loaded | Path: \KnownDlls\schannel.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645578331 |
Section loaded | Path: C:\WINDOWS\system32\schannel.dll Access: query and write and read and execute Type: image Baseaddress: 767F0000 Size: 163840 Protection: read write Mapped to pid: own pid | success or wait | 645580252 |
Section loaded | Path: \KnownDlls\digest.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645683301 |
Section loaded | Path: C:\WINDOWS\system32\digest.dll Access: query and write and read and execute Type: image Baseaddress: 75B00000 Size: 86016 Protection: read write Mapped to pid: own pid | success or wait | 645694664 |
Section loaded | Path: \KnownDlls\sensapi.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645734270 |
Section loaded | Path: C:\WINDOWS\system32\sensapi.dll Access: query and write and read and execute Type: image Baseaddress: 722B0000 Size: 20480 Protection: read write Mapped to pid: own pid | success or wait | 645737203 |
Section loaded | Path: \KnownDlls\msnsspc.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645755834 |
Section loaded | Path: C:\WINDOWS\system32\msnsspc.dll Access: query and write and read and execute Type: image Baseaddress: 747B0000 Size: 290816 Protection: read write Mapped to pid: own pid | success or wait | 645761276 |
Section loaded | Path: \KnownDlls\MSVCRT40.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645767164 |
Section loaded | Path: C:\WINDOWS\system32\msvcrt40.dll Access: query and write and read and execute Type: image Baseaddress: 78080000 Size: 69632 Protection: read write Mapped to pid: own pid | success or wait | 645769208 |
Section loaded | Path: \BaseNamedObjects\SENS Information Cache Access: read Type: unknown Baseaddress: 1B00000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 645783565 |
Section loaded | Path: \BaseNamedObjects\ie_lcie_ConnHashTable<2472>_S-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read Type: commit Baseaddress: 1B40000 Size: 380928 Protection: read write Mapped to pid: own pid | success or wait | 645863408 |
Section loaded | Path: C:\WINDOWS\system32\msv1_0.dll Access: write and read and execute Type: commit Baseaddress: 1BA0000 Size: 139264 Protection: execute Mapped to pid: own pid | success or wait | 645896527 |
Section loaded | Path: C:\WINDOWS\system32\msv1_0.dll Access: query and write and read and execute Type: image Baseaddress: 77C70000 Size: 151552 Protection: read write Mapped to pid: own pid | success or wait | 645966512 |
Section loaded | Path: \KnownDlls\cryptdll.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 645983821 |
Section loaded | Path: C:\WINDOWS\system32\cryptdll.dll Access: query and write and read and execute Type: image Baseaddress: 76790000 Size: 49152 Protection: read write Mapped to pid: own pid | success or wait | 645995908 |
Section loaded | Path: \KnownDlls\iphlpapi.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 646014597 |
Section loaded | Path: C:\WINDOWS\system32\iphlpapi.dll Access: query and write and read and execute Type: image Baseaddress: 76D60000 Size: 102400 Protection: read write Mapped to pid: own pid | success or wait | 646016732 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: write and read and execute Type: commit Baseaddress: 1BA0000 Size: 180224 Protection: execute Mapped to pid: own pid | success or wait | 646135986 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: query and read Type: commit Baseaddress: 1BA0000 Size: 180224 Protection: readonly Mapped to pid: own pid | success or wait | 646149137 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: write and read and execute Type: commit Baseaddress: 1BA0000 Size: 180224 Protection: execute Mapped to pid: own pid | success or wait | 646283675 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: query and read Type: commit Baseaddress: 1BA0000 Size: 180224 Protection: readonly Mapped to pid: own pid | success or wait | 646290875 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 646963154 |
Section loaded | Path: \KnownDlls\apphelp.dll Access: write and read and execute Type: unknown Baseaddress: 77B40000 Size: 139264 Protection: read write Mapped to pid: own pid | success or wait | 646979264 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 1BA0000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 647027520 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 647031379 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 647050980 |
Section loaded | Path: \BaseNamedObjects\ShimSharedMemory Access: write Type: unknown Baseaddress: 1B20000 Size: 57344 Protection: read write Mapped to pid: own pid | success or wait | 647056189 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: write and read and execute Type: commit Baseaddress: 1BA0000 Size: 180224 Protection: execute Mapped to pid: own pid | success or wait | 647061716 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: query and write and read and execute Type: image Baseaddress: 755C0000 Size: 188416 Protection: read write Mapped to pid: own pid | success or wait | 647067536 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 1BA0000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 647112892 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 647133274 |
Section loaded | Path: \KnownDlls\IEUI.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 647178361 |
Section loaded | Path: C:\WINDOWS\system32\ieui.dll Access: query and write and read and execute Type: image Baseaddress: 1C00000 Size: 172032 Protection: read write Mapped to pid: own pid | conflicting addresses | 647184638 |
Section loaded | Path: \KnownDlls\MSIMG32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 647224809 |
Section loaded | Path: C:\WINDOWS\system32\msimg32.dll Access: query and write and read and execute Type: image Baseaddress: 76380000 Size: 20480 Protection: read write Mapped to pid: own pid | success or wait | 647228289 |
Thread resumed | TID: 2876 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 647278864 |
Thread resumed | TID: 2880 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 647339525 |
Thread resumed | TID: 2884 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 647346427 |
Thread resumed | TID: 2888 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 647361433 |
Section loaded | Path: \KnownDlls\CLBCATQ.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 647380961 |
Section loaded | Path: C:\WINDOWS\system32\clbcatq.dll Access: query and write and read and execute Type: image Baseaddress: 76FD0000 Size: 520192 Protection: read write Mapped to pid: own pid | success or wait | 647383948 |
Section loaded | Path: \KnownDlls\COMRes.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 647388542 |
Section loaded | Path: C:\WINDOWS\system32\comres.dll Access: query and write and read and execute Type: image Baseaddress: 77050000 Size: 806912 Protection: read write Mapped to pid: own pid | success or wait | 647390772 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 647409956 |
Section loaded | Path: C:\Program Files\Internet Explorer\ieproxy.dll Access: write and read and execute Type: commit Baseaddress: 2040000 Size: 249856 Protection: execute Mapped to pid: own pid | success or wait | 647491209 |
Section loaded | Path: C:\Program Files\Internet Explorer\ieproxy.dll Access: query and write and read and execute Type: image Baseaddress: 439B0000 Size: 262144 Protection: read write Mapped to pid: own pid | success or wait | 647497897 |
Thread resumed | TID: 2896 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 647532113 |
Section loaded | Path: \BaseNamedObjects\DfRoot0001536B6 Access: query and write and read Type: commit Baseaddress: 2150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 647542481 |
Thread resumed | TID: 2900 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 647570968 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 647625269 |
Section loaded | Path: C:\WINDOWS\system32\msimtf.dll Access: write and read and execute Type: commit Baseaddress: 2260000 Size: 159744 Protection: execute Mapped to pid: own pid | success or wait | 647640209 |
Section loaded | Path: C:\WINDOWS\system32\msimtf.dll Access: query and write and read and execute Type: image Baseaddress: 746F0000 Size: 172032 Protection: read write Mapped to pid: own pid | success or wait | 647647953 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 647743068 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 647830720 |
Section loaded | Path: \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2260000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 647886411 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 648028087 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 648045725 |
Section loaded | Path: \BaseNamedObjects\Local\UrlZonesSM_Administrator Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 648065959 |
Section loaded | Path: \KnownDlls\UxTheme.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 649139118 |
Section loaded | Path: C:\WINDOWS\system32\uxtheme.dll Access: query and write and read and execute Type: image Baseaddress: 5AD70000 Size: 229376 Protection: read write Mapped to pid: own pid | success or wait | 649142125 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 649164310 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 23C0000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 649385069 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 649405264 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 649465444 |
Section loaded | Path: C:\WINDOWS\system32\cscui.dll Access: write and read and execute Type: commit Baseaddress: 23C0000 Size: 327680 Protection: execute Mapped to pid: own pid | success or wait | 649477510 |
Section loaded | Path: C:\WINDOWS\system32\cscui.dll Access: query and write and read and execute Type: image Baseaddress: 77A20000 Size: 344064 Protection: read write Mapped to pid: own pid | success or wait | 649484938 |
Section loaded | Path: \KnownDlls\CSCDLL.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 649495469 |
Section loaded | Path: C:\WINDOWS\system32\cscdll.dll Access: query and write and read and execute Type: image Baseaddress: 76600000 Size: 118784 Protection: read write Mapped to pid: own pid | success or wait | 649498203 |
Section loaded | Path: C:\WINDOWS\system32\cscui.dll Access: read Type: commit Baseaddress: 23C0000 Size: 327680 Protection: readonly Mapped to pid: own pid | success or wait | 649553350 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 649615697 |
Section loaded | Path: \KnownDlls\SETUPAPI.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 649618445 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 649620580 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 649675059 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 649889510 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 649890492 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 649891466 |
Section loaded | Path: C:\WINDOWS\system32\url.dll Access: query and read Type: commit Baseaddress: 23C0000 Size: 106496 Protection: readonly Mapped to pid: own pid | success or wait | 649904169 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 649972659 |
Section loaded | Path: C:\WINDOWS\system32\oleacc.dll Access: write and read and execute Type: commit Baseaddress: 23C0000 Size: 163840 Protection: execute Mapped to pid: own pid | success or wait | 649988464 |
Section loaded | Path: C:\WINDOWS\system32\oleacc.dll Access: query and write and read and execute Type: image Baseaddress: 74C80000 Size: 180224 Protection: read write Mapped to pid: own pid | success or wait | 650000179 |
Section loaded | Path: \KnownDlls\MSVCP60.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 650011101 |
Section loaded | Path: C:\WINDOWS\system32\msvcp60.dll Access: query and write and read and execute Type: image Baseaddress: 76080000 Size: 413696 Protection: read write Mapped to pid: own pid | success or wait | 650013790 |
Section loaded | Path: C:\WINDOWS\system32\oleaccrc.dll Access: query and read Type: commit Baseaddress: 23C0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 650057929 |
Section loaded | Path: C:\WINDOWS\system32\oleacc.dll Access: query and read Type: commit Baseaddress: 23D0000 Size: 12288 Protection: readonly Mapped to pid: own pid | success or wait | 650112726 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 650120564 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 650286756 |
Section loaded | Path: \BaseNamedObjects\windows_ie_global_counters Access: write and read Type: unknown Baseaddress: 23D0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 650383319 |
Thread resumed | TID: 2928 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 650764741 |
Section loaded | Path: C:\WINDOWS\system32\xmllite.dll Access: write and read and execute Type: commit Baseaddress: 25B0000 Size: 122880 Protection: execute Mapped to pid: own pid | success or wait | 650905538 |
Section loaded | Path: C:\WINDOWS\system32\xmllite.dll Access: query and write and read and execute Type: image Baseaddress: 47060000 Size: 135168 Protection: read write Mapped to pid: own pid | success or wait | 650913487 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 651401488 |
Section loaded | Path: C:\WINDOWS\system32\xpsp3res.dll Access: query and read Type: commit Baseaddress: 2800000 Size: 692224 Protection: readonly Mapped to pid: own pid | success or wait | 651476430 |
Section loaded | Path: C:\WINDOWS\system32\xpsp3res.dll Access: query and read Type: commit Baseaddress: 2800000 Size: 692224 Protection: write copy Mapped to pid: own pid | success or wait | 651488735 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico Access: query and read Type: commit Baseaddress: 2800000 Size: 8192 Protection: readonly Mapped to pid: own pid | success or wait | 651553309 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico Access: query and read Type: commit Baseaddress: 2800000 Size: 8192 Protection: readonly Mapped to pid: own pid | success or wait | 651564780 |
Section loaded | Path: C:\PROGRA~1\MICROS~2\OFFICE11\REFBAR.ICO Access: query and read Type: commit Baseaddress: 2800000 Size: 8192 Protection: readonly Mapped to pid: own pid | success or wait | 651637463 |
Section loaded | Path: C:\PROGRA~1\MICROS~2\OFFICE11\REFBAR.ICO Access: query and read Type: commit Baseaddress: 2800000 Size: 8192 Protection: readonly Mapped to pid: own pid | success or wait | 651649004 |
Section loaded | Path: C:\Program Files\Messenger\msmsgs.exe Access: write and read and execute Type: commit Baseaddress: 2850000 Size: 1695744 Protection: execute Mapped to pid: own pid | success or wait | 651669188 |
Section loaded | Path: C:\Program Files\Messenger\msmsgs.exe Access: query and read Type: commit Baseaddress: 2850000 Size: 1695744 Protection: readonly Mapped to pid: own pid | success or wait | 651677961 |
Section loaded | Path: C:\Program Files\Messenger\msmsgs.exe Access: write and read and execute Type: commit Baseaddress: 2850000 Size: 1695744 Protection: execute Mapped to pid: own pid | success or wait | 651710393 |
Section loaded | Path: C:\Program Files\Messenger\msmsgs.exe Access: query and read Type: commit Baseaddress: 2850000 Size: 1695744 Protection: readonly Mapped to pid: own pid | success or wait | 651719545 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 651786816 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 651787276 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 652645329 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 652647782 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 652665790 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 652670096 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 652679219 |
Thread resumed | TID: 2684 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 652697262 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 652698799 |
Thread resumed | TID: 2940 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 652702994 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 652707949 |
Thread resumed | TID: 2944 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 652709090 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: query and write and read and execute and extend size Type: image Baseaddress: 2850000 Size: 1695744 Protection: readonly Mapped to pid: own pid | success or wait | 652753638 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 2B90000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 652755540 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 652761154 |
Section loaded | Path: C:\Program Files\Internet Explorer\iexplore.exe Access: query and read Type: commit Baseaddress: 2980000 Size: 638976 Protection: readonly Mapped to pid: own pid | success or wait | 652798972 |
Process created | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Cmdline: C:\Program Files\Internet Explorer\IEXPLORE.EXE SCODEF:2472 CREDAT:79873 Createflags: none | success or wait | 652804741 |
Process information queried | PID: 2948 Info Class: BasicInformation | success or wait | 652805448 |
Process information queried | PID: 2948 Info Class: BasicInformation | success or wait | 652809335 |
Process information queried | PID: 2948 Info Class: BasicInformation | success or wait | 653130424 |
Process information queried | PID: 2948 Info Class: ImageFileName | success or wait | 653131217 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 653131709 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 653132393 |
Memory read | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7FFDF000 Length: 2860 | success or wait | 653133489 |
Memory read | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7FFD6000 Length: 488 | success or wait | 653135176 |
Memory read | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 40003C Length: 4 Value: E0 00 00 00 | success or wait | 653135736 |
Memory read | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 4000F8 Length: 24 Value: 0B 01 08 00 00 A0 00 00 00 04 09 00 00 00 00 00 25 1A 00 00 00 10 00 00 | success or wait | 653136070 |
Memory allocated | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAD0000 Length: 13D294 Allocation Type: unknown Protection: page execute and read and write | success or wait | 653136557 |
Memory written | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAD0000 Length: 315392 | success or wait | 653149003 |
Memory read | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 401A25 Length: 5 Value: E8 87 FD FF FF | success or wait | 653150690 |
Memory written | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAFC520 Length: 417 | success or wait | 653162946 |
Memory written | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 401A25 Length: 5 Value: E9 85 30 6F 0B | success or wait | 653172731 |
Thread resumed | TID: 2952 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 653173416 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 653882792 |
Thread resumed | TID: 3308 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654458849 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 655385013 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 656623876 |
Section loaded | Path: \BaseNamedObjects\DfRoot00015477A Access: query and write and read Type: commit Baseaddress: 2830000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 656671206 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 657716901 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 659450414 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 660589866 |
Thread resumed | TID: 3452 PID: 2472 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 661089254 |
Section loaded | Path: \KnownDlls\SXS.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 661119260 |
Section loaded | Path: C:\WINDOWS\system32\sxs.dll Access: query and write and read and execute Type: image Baseaddress: 7E720000 Size: 720896 Protection: read write Mapped to pid: own pid | success or wait | 661120429 |
Section loaded | Path: C:\WINDOWS\system32\ieframe.dll Access: query and read Type: commit Baseaddress: 2C90000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 661209932 |
Section loaded | Path: C:\WINDOWS\system32\stdole2.tlb Access: query and read Type: commit Baseaddress: 2A80000 Size: 16384 Protection: readonly Mapped to pid: own pid | success or wait | 661251334 |
Section loaded | Path: \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2A80000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 661271410 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 661291818 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 661299816 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 661311222 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 661323646 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 661593647 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 661594036 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 661599750 |
Section loaded | Path: \KnownDlls\msfeeds.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 661618604 |
Section loaded | Path: C:\WINDOWS\system32\msfeeds.dll Access: query and write and read and execute Type: image Baseaddress: 435A0000 Size: 614400 Protection: read write Mapped to pid: own pid | success or wait | 661621130 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 661648144 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 661692898 |
Section loaded | Path: \BaseNamedObjects\Local\Feed Eventing Shared Memory S-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read Type: commit Baseaddress: 2C90000 Size: 548864 Protection: read write Mapped to pid: own pid | success or wait | 661701467 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 25A0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 661771336 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 661830919 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 661831591 |
Section loaded | Path: C:\WINDOWS\system32\actxprxy.dll Access: write and read and execute Type: commit Baseaddress: 2D20000 Size: 98304 Protection: execute Mapped to pid: own pid | success or wait | 662126793 |
Section loaded | Path: C:\WINDOWS\system32\actxprxy.dll Access: query and write and read and execute Type: image Baseaddress: 71D40000 Size: 110592 Protection: read write Mapped to pid: own pid | success or wait | 662135315 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 25A0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 662387154 |
Section loaded | Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico Access: query and read Type: commit Baseaddress: 2D20000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 662472693 |
Section loaded | Path: \KnownDlls\msi.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 662773930 |
Section loaded | Path: C:\WINDOWS\system32\msi.dll Access: query and write and read and execute Type: image Baseaddress: 7D1E0000 Size: 2867200 Protection: read write Mapped to pid: own pid | success or wait | 662776942 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 662810936 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 662820586 |
Process information queried | PID: 2472 Info Class: Wow64Information | success or wait | 662828464 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 663700474 |
Section loaded | Path: C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL Access: write and read and execute Type: commit Baseaddress: 2D30000 Size: 368640 Protection: execute Mapped to pid: own pid | success or wait | 663706064 |
Section loaded | Path: C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL Access: query and write and read and execute Type: image Baseaddress: 10000000 Size: 372736 Protection: read write Mapped to pid: own pid | success or wait | 663709722 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 663744030 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ..CLLAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 663887695 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 663914482 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 663925400 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 663938402 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 663960654 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 663975820 |
Section loaded | Path: \KnownDlls\MLANG.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 663990145 |
Section loaded | Path: C:\WINDOWS\system32\mlang.dll Access: query and write and read and execute Type: image Baseaddress: 75CF0000 Size: 593920 Protection: read write Mapped to pid: own pid | success or wait | 663991310 |
Section loaded | Path: C:\WINDOWS\system32\mlang.dll Access: read Type: commit Baseaddress: 2E80000 Size: 589824 Protection: readonly Mapped to pid: own pid | success or wait | 664244744 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 664279300 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 664279671 |
Section loaded | Path: C:\WINDOWS\system32\url.dll Access: query and read Type: commit Baseaddress: 2E80000 Size: 106496 Protection: readonly Mapped to pid: own pid | success or wait | 664283055 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 664312305 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 664312672 |
Section loaded | Path: C:\WINDOWS\system32\url.dll Access: query and read Type: commit Baseaddress: 2E80000 Size: 106496 Protection: readonly Mapped to pid: own pid | success or wait | 664315968 |
Section loaded | Path: \BaseNamedObjects\MSCTF.Shared.SFM.EMG Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E80000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 664325846 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.B.PCMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664329419 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.C.PCMAFB Access: query and write and read Type: commit Baseaddress: 2F00000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664330209 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.D.PCMAFB Access: query and write and read Type: commit Baseaddress: 2F20000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664330983 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.E.PCMAFB Access: query and write and read Type: commit Baseaddress: 2F30000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664331764 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.F.PCMAFB Access: query and write and read Type: commit Baseaddress: 2F40000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664332541 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.G.PCMAFB Access: query and write and read Type: commit Baseaddress: 2F50000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664333319 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.H.PCMAFB Access: query and write and read Type: commit Baseaddress: 2F60000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664334104 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.I.PCMAFB Access: query and write and read Type: commit Baseaddress: 2F70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664336845 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.J.PCMAFB Access: query and write and read Type: commit Baseaddress: 2F80000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664337646 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.K.PCMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664355976 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.L.ODMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664378270 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.M.ODMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664392017 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.N.ODMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664401500 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.O.ODMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664408679 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.P.ODMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664424556 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.AB.OEMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664436049 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.BB.OEMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664447312 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MKJ.CB.OEMAFB Access: query and write and read Type: commit Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664459067 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.HC.OEMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664488667 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.IC.OEMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664489841 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.JC.OEMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664490911 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.KC.NFMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664491951 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.LC.NFMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664493005 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.MC.NFMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664494252 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.NC.NFMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664495285 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.OC.NFMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664498543 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.PC.NFMAFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 2E70000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 664499604 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 665049857 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 666165441 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 667281109 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_IETldCache_index.dat_262144 Access: write Type: unknown Baseaddress: 2F20000 Size: 262144 Protection: read write Mapped to pid: own pid | success or wait | 668022618 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 668406660 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 669523506 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 670644050 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 671761861 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 672883982 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 673997039 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 675115660 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 676234370 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 677353449 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 678977974 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 680567456 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 682446443 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 683643076 |
Section loaded | Path: \KnownDlls\USP10.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 684584581 |
Section loaded | Path: C:\WINDOWS\system32\usp10.dll Access: query and write and read and execute Type: image Baseaddress: 74D90000 Size: 438272 Protection: read write Mapped to pid: own pid | success or wait | 684590421 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 684731313 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 686295004 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 686669455 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 686728176 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 686762010 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 686827048 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 686828639 |
Process information queried | PID: 2472 Info Class: DeviceMap | success or wait | 686898154 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 687426212 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 688533656 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Application Data_Microsoft_Feeds Cache_index.dat_32768 Access: write Type: unknown Baseaddress: 2F00000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 688982193 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 689910719 |
Section loaded | Path: \BaseNamedObjects\Local\Feed Arbitration Shared Memory [ User : S-1-5-21-507921405-1960408961-839522115-500 ] Access: query and write and read Type: commit Baseaddress: 2F60000 Size: 8192 Protection: read write Mapped to pid: own pid | success or wait | 690169031 |
Section loaded | Path: \BaseNamedObjects\DfSharedHeap158910 Access: query and write and read Type: reserve Baseaddress: 2F70000 Size: 4194304 Protection: read write Mapped to pid: own pid | success or wait | 690506688 |
Section loaded | Path: \BaseNamedObjects\DfRoot000158916 Access: query and write and read Type: commit Baseaddress: 3370000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 690592436 |
Process information queried | PID: 2472 Info Class: QuotaLimits | success or wait | 690636954 |
Process information queried | PID: 2472 Info Class: VmCounters | success or wait | 690638664 |
Section loaded | Path: \BaseNamedObjects\DFMap0-1411398 Access: query and write and read Type: commit Baseaddress: 3380000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 690639570 |
Process information queried | PID: 2472 Info Class: QuotaLimits | success or wait | 690746937 |
Process information queried | PID: 2472 Info Class: VmCounters | success or wait | 690747267 |
Section loaded | Path: \BaseNamedObjects\DFMap0-1411610 Access: query and write and read Type: commit Baseaddress: 3500000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 690747635 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 691221691 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 691277577 |
Section loaded | Path: C:\WINDOWS\system32\msxml3.dll Access: write and read and execute Type: commit Baseaddress: 3580000 Size: 1175552 Protection: execute Mapped to pid: own pid | success or wait | 691284549 |
Section loaded | Path: C:\WINDOWS\system32\msxml3.dll Access: query and write and read and execute Type: image Baseaddress: 74980000 Size: 1191936 Protection: read write Mapped to pid: own pid | success or wait | 691298958 |
Section loaded | Path: C:\WINDOWS\system32\msxml3r.dll Access: write and read and execute Type: commit Baseaddress: 3A50000 Size: 45056 Protection: execute Mapped to pid: own pid | success or wait | 691842959 |
Section loaded | Path: C:\WINDOWS\system32\msxml3r.dll Access: query and read Type: commit Baseaddress: 3A50000 Size: 45056 Protection: readonly Mapped to pid: own pid | success or wait | 691848965 |
Section loaded | Path: \BaseNamedObjects\DfSharedHeap158CEA Access: query and write and read Type: reserve Baseaddress: 3A80000 Size: 4194304 Protection: read write Mapped to pid: own pid | success or wait | 691914259 |
Section loaded | Path: \BaseNamedObjects\DfRoot000158CEA Access: query and write and read Type: commit Baseaddress: 3E80000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 691924686 |
Process information queried | PID: 2472 Info Class: QuotaLimits | success or wait | 691946412 |
Process information queried | PID: 2472 Info Class: VmCounters | success or wait | 691946740 |
Section loaded | Path: \BaseNamedObjects\DFMap0-1412368 Access: query and write and read Type: commit Baseaddress: 3E90000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 691947125 |
Process information queried | PID: 2472 Info Class: QuotaLimits | success or wait | 692044456 |
Process information queried | PID: 2472 Info Class: VmCounters | success or wait | 692044786 |
Section loaded | Path: \BaseNamedObjects\DFMap0-1412419 Access: query and write and read Type: commit Baseaddress: 3F10000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 692045150 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 692342952 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 694117806 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 695414452 |
Section loaded | Path: \BaseNamedObjects\DfSharedHeap158FE5 Access: query and write and read Type: reserve Baseaddress: 3F90000 Size: 4194304 Protection: read write Mapped to pid: own pid | success or wait | 695435114 |
Section loaded | Path: \BaseNamedObjects\DfRoot000158FFB Access: query and write and read Type: commit Baseaddress: 3F90000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 695575972 |
Process information queried | PID: 2472 Info Class: QuotaLimits | success or wait | 696287510 |
Process information queried | PID: 2472 Info Class: VmCounters | success or wait | 696409454 |
Section loaded | Path: \BaseNamedObjects\DFMap0-1413152 Access: query and write and read Type: commit Baseaddress: 3FA0000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 696424327 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 696536289 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 697686399 |
Process information queried | PID: 2472 Info Class: QuotaLimits | success or wait | 698005606 |
Process information queried | PID: 2472 Info Class: VmCounters | success or wait | 698006075 |
Section loaded | Path: \BaseNamedObjects\DFMap0-1413345 Access: query and write and read Type: commit Baseaddress: 4020000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 698006458 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 698769457 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 700913140 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 702013235 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 40A0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 702519132 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 703592918 |
Thread delayed | Time: 0 TID: 2552 | success or wait | 705029139 |
Process information queried | PID: 1728 Info Class: BasicInformation | success or wait | 736555389 |
Section loaded | Path: \BaseNamedObjects\MSCTF.Shared.SFM.MKJ Access: query and write and read Type: reserve Baseaddress: 40A0000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 736558525 |
Section loaded | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\favicon[1].ico Access: query and read Type: commit Baseaddress: 2A80000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 742824596 |
Section loaded | Path: C:\WINDOWS\system32\rsaenh.dll Access: query and read Type: commit Baseaddress: 4140000 Size: 208896 Protection: readonly Mapped to pid: own pid | success or wait | 754376218 |
Section loaded | Path: C:\WINDOWS\system32\rsaenh.dll Access: query and read Type: commit Baseaddress: 4140000 Size: 208896 Protection: readonly Mapped to pid: own pid | success or wait | 754380668 |
Section loaded | Path: \KnownDlls\rsaenh.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 755633761 |
Section loaded | Path: C:\WINDOWS\system32\rsaenh.dll Access: query and write and read and execute Type: image Baseaddress: 68000000 Size: 221184 Protection: read write Mapped to pid: own pid | success or wait | 755670075 |
Section loaded | Path: C:\WINDOWS\system32\rsaenh.dll Access: query and read Type: commit Baseaddress: 1F30000 Size: 208896 Protection: readonly Mapped to pid: own pid | success or wait | 755831738 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 766667705 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 766668353 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 766668884 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 766681374 |
Sections | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
File Activities:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section Activities:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Registry Activities:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Mutant Activities:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Process Activities:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Thread Activities:
Memory Activities:
Chronological sections | |||
Operation | Data | Completion | Time |
Section loaded | Path: \KnownDlls\kernel32.dll Access: write and read and execute Type: unknown Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid | success or wait | 653178771 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653180256 |
Section loaded | Path: unknown Access: query and write and read and execute and extend size Type: reserve Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid | success or wait | 653180718 |
Section loaded | Path: \NLS\NlsSectionUnicode Access: read Type: unknown Baseaddress: 270000 Size: 90112 Protection: readonly Mapped to pid: own pid | success or wait | 653182229 |
Section loaded | Path: \NLS\NlsSectionLocale Access: read Type: unknown Baseaddress: 290000 Size: 266240 Protection: readonly Mapped to pid: own pid | success or wait | 653182823 |
Section loaded | Path: \NLS\NlsSectionSortkey Access: query and read Type: unknown Baseaddress: 2E0000 Size: 266240 Protection: readonly Mapped to pid: own pid | success or wait | 653183478 |
Section loaded | Path: \NLS\NlsSectionSortTbls Access: read Type: unknown Baseaddress: 330000 Size: 24576 Protection: readonly Mapped to pid: own pid | success or wait | 653183969 |
Section loaded | Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 653184608 |
Section loaded | Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 653184740 |
Section loaded | Path: \KnownDlls\ADVAPI32.dll Access: write and read and execute Type: unknown Baseaddress: 77DD0000 Size: 634880 Protection: read write Mapped to pid: own pid | success or wait | 653185369 |
Section loaded | Path: \KnownDlls\RPCRT4.dll Access: write and read and execute Type: unknown Baseaddress: 77E70000 Size: 602112 Protection: read write Mapped to pid: own pid | success or wait | 653186596 |
Section loaded | Path: \KnownDlls\Secur32.dll Access: write and read and execute Type: unknown Baseaddress: 77FE0000 Size: 69632 Protection: read write Mapped to pid: own pid | success or wait | 653188075 |
Section loaded | Path: \KnownDlls\USER32.dll Access: write and read and execute Type: unknown Baseaddress: 7E410000 Size: 593920 Protection: read write Mapped to pid: own pid | success or wait | 653190498 |
Section loaded | Path: \KnownDlls\GDI32.dll Access: write and read and execute Type: unknown Baseaddress: 77F10000 Size: 299008 Protection: read write Mapped to pid: own pid | success or wait | 653191021 |
Section loaded | Path: \KnownDlls\msvcrt.dll Access: write and read and execute Type: unknown Baseaddress: 77C10000 Size: 360448 Protection: read write Mapped to pid: own pid | success or wait | 653193603 |
Section loaded | Path: \KnownDlls\SHLWAPI.dll Access: write and read and execute Type: unknown Baseaddress: 77F60000 Size: 483328 Protection: read write Mapped to pid: own pid | success or wait | 653195179 |
Section loaded | Path: \KnownDlls\SHELL32.dll Access: write and read and execute Type: unknown Baseaddress: 7C9C0000 Size: 8482816 Protection: read write Mapped to pid: own pid | success or wait | 653197270 |
Section loaded | Path: \KnownDlls\ole32.dll Access: write and read and execute Type: unknown Baseaddress: 774E0000 Size: 1302528 Protection: read write Mapped to pid: own pid | success or wait | 653200273 |
Section loaded | Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid | success or wait | 653202876 |
Section loaded | Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid | success or wait | 653205168 |
Section loaded | Path: \KnownDlls\OLEAUT32.dll Access: write and read and execute Type: unknown Baseaddress: 77120000 Size: 569344 Protection: read write Mapped to pid: own pid | success or wait | 653206520 |
Section loaded | Path: \KnownDlls\ShimEng.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 653210990 |
Section loaded | Path: C:\WINDOWS\system32\shimeng.dll Access: query and write and read and execute Type: image Baseaddress: 5CB70000 Size: 155648 Protection: read write Mapped to pid: own pid | success or wait | 653211577 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 4A0000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 653213910 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 653214718 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 653215468 |
Section loaded | Path: C:\WINDOWS\AppPatch\aclayers.dll Access: write and read and execute Type: commit Baseaddress: 350000 Size: 475136 Protection: execute Mapped to pid: own pid | success or wait | 653218183 |
Section loaded | Path: C:\WINDOWS\AppPatch\aclayers.dll Access: write and read and execute Type: commit Baseaddress: 350000 Size: 475136 Protection: execute Mapped to pid: own pid | success or wait | 653219218 |
Section loaded | Path: C:\WINDOWS\AppPatch\aclayers.dll Access: query and write and read and execute Type: image Baseaddress: 71590000 Size: 495616 Protection: read write Mapped to pid: own pid | success or wait | 653220100 |
Section loaded | Path: \KnownDlls\USERENV.dll Access: write and read and execute Type: unknown Baseaddress: 769C0000 Size: 737280 Protection: read write Mapped to pid: own pid | success or wait | 653222661 |
Section loaded | Path: \KnownDlls\WINSPOOL.DRV Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 653224931 |
Section loaded | Path: C:\WINDOWS\system32\winspool.drv Access: query and write and read and execute Type: image Baseaddress: 73000000 Size: 155648 Protection: read write Mapped to pid: own pid | success or wait | 653225519 |
Section loaded | Path: \NLS\NlsSectionCType Access: read Type: unknown Baseaddress: 360000 Size: 12288 Protection: readonly Mapped to pid: own pid | success or wait | 653229030 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653229986 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653230096 |
Process information queried | PID: 2948 Info Class: ImageInformation | success or wait | 653252007 |
Section loaded | Path: C:\WINDOWS\system32\imm32.dll Access: write and read and execute Type: commit Baseaddress: 3B0000 Size: 110592 Protection: execute Mapped to pid: own pid | success or wait | 653255008 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653257283 |
Section loaded | Path: C:\WINDOWS\system32\imm32.dll Access: write and read and execute Type: commit Baseaddress: 3B0000 Size: 110592 Protection: execute Mapped to pid: own pid | success or wait | 653258105 |
Section loaded | Path: C:\WINDOWS\system32\imm32.dll Access: query and write and read and execute Type: image Baseaddress: 76390000 Size: 118784 Protection: read write Mapped to pid: own pid | success or wait | 653260247 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653264222 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653268109 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653268202 |
Section loaded | Path: C:\WINDOWS\system32\shell32.dll Access: read Type: commit Baseaddress: 980000 Size: 8462336 Protection: readonly Mapped to pid: own pid | success or wait | 653269849 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653283654 |
Section loaded | Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll Access: write and read and execute Type: commit Baseaddress: 980000 Size: 1056768 Protection: execute Mapped to pid: own pid | success or wait | 653284747 |
Section loaded | Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll Access: query and write and read and execute Type: image Baseaddress: 773D0000 Size: 1060864 Protection: read write Mapped to pid: own pid | success or wait | 653285858 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: write and read and execute Type: commit Baseaddress: 3E0000 Size: 4096 Protection: execute Mapped to pid: own pid | success or wait | 653290527 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: query and read Type: commit Baseaddress: 3E0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 653291898 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: read Type: commit Baseaddress: 3E0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 653292980 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653308945 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653309190 |
Section loaded | Path: \KnownDlls\comctl32.dll Access: write and read and execute Type: unknown Baseaddress: 5D090000 Size: 630784 Protection: read write Mapped to pid: own pid | success or wait | 653309338 |
Section loaded | Path: C:\WINDOWS\system32\comctl32.dll Access: read Type: commit Baseaddress: 980000 Size: 618496 Protection: readonly Mapped to pid: own pid | success or wait | 653317577 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 653321675 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653323066 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653323259 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653323808 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653342067 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653342828 |
Section loaded | Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 653350418 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid | success or wait | 653351020 |
Section loaded | Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 653355029 |
Section loaded | Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 653355825 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653360241 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653360375 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653360892 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653361025 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653361444 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653361580 |
Section loaded | Path: \KnownDlls\WS2_32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 653362366 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute Type: image Baseaddress: 71AB0000 Size: 94208 Protection: read write Mapped to pid: own pid | success or wait | 653362966 |
Section loaded | Path: \KnownDlls\WS2HELP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 653364793 |
Section loaded | Path: C:\WINDOWS\system32\ws2help.dll Access: query and write and read and execute Type: image Baseaddress: 71AA0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 653365404 |
Section loaded | Path: \KnownDlls\WININET.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid | success or wait | 653368429 |
Section loaded | Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 9A0000 Size: 36864 Protection: read write Mapped to pid: own pid | conflicting addresses | 653370850 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653393387 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653394196 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653399177 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653399537 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b4b415 | success or wait | 653399862 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 653399953 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9addef | success or wait | 653400175 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 653400264 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 653400376 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1609812 | success or wait | 653400589 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 653400679 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9fe953 | success or wait | 653400951 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653401071 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90D76E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653402050 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAFCD70 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653402154 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653402261 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653402607 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b4b415 | success or wait | 653402914 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 653403005 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9addef | success or wait | 653403141 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 653403229 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 653403337 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1609812 | success or wait | 653403549 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 653403638 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9fe953 | success or wait | 653403822 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653403941 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90DF1E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653404923 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB17110 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653405027 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653405134 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653405479 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b4b415 | success or wait | 653405784 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 653405875 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9addef | success or wait | 653406010 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 653406099 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 653406206 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1609812 | success or wait | 653406417 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 653406506 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9fe953 | success or wait | 653406691 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653406809 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90D2EE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653407835 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB02A80 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653407940 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653408047 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653408394 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b4b415 | success or wait | 653408729 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 653408820 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9addef | success or wait | 653408957 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 653409045 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 653409152 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1609812 | success or wait | 653409364 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 653409453 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9fe953 | success or wait | 653409638 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653409756 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C90DB3E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653410738 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB169A8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653410843 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653411363 |
File opened | Path: C:\WINDOWS\system32\ntdll.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653411735 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b4b415 | success or wait | 653412041 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 4 Value: D0 00 00 00 | success or wait | 653412132 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9addef | success or wait | 653412268 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 20 Value: 4C 01 04 00 7D F2 00 4D 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 653412356 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 D0 07 00 00 3C 03 00 00 00 00 00 F8 20 01 00 00 10 00 00 00 90 07 00 00 00 90 7C 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 20 0B 00 00 04 00 00 30 FD 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 34 00 00 | success or wait | 653412463 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1609812 | success or wait | 653412675 |
File read | Path: C:\WINDOWS\system32\ntdll.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 DA CE 07 00 00 10 00 00 00 D0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 20 4A 00 00 00 E0 07 00 00 32 00 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 78 BE 02 00 00 30 08 00 00 C0 02 00 | success or wait | 653412764 |
File other op | Path: C:\WINDOWS\system32\ntdll.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@9fe953 | success or wait | 653412949 |
Section loaded | Path: C:\WINDOWS\system32\ntdll.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653413067 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7C91632D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653414063 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB031F0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653414168 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653414436 |
File opened | Path: C:\WINDOWS\system32\USER32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653414807 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@8f6d64 | success or wait | 653415124 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 4 Value: D8 00 00 00 | success or wait | 653415221 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@56ff18 | success or wait | 653415448 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 1B A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 653415543 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 F4 05 00 00 E2 02 00 00 00 00 00 17 B2 00 00 00 10 00 00 00 B0 05 00 00 00 41 7E 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 10 09 00 00 04 00 00 76 FC 08 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 39 00 00 | success or wait | 653415657 |
File other op | Path: C:\WINDOWS\system32\user32.dllNew path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@185b10b | success or wait | 653415876 |
File read | Path: C:\WINDOWS\system32\user32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 83 F2 05 00 00 10 00 00 00 F4 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 80 11 00 00 00 10 06 00 00 0C 00 00 00 F8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 88 A0 02 00 00 30 06 00 00 A2 02 00 | success or wait | 653415971 |
File other op | Path: C:\WINDOWS\system32\user32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@2a5a5e | success or wait | 653416160 |
Section loaded | Path: C:\WINDOWS\system32\user32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 57344 Protection: readonly Mapped to pid: own pid | success or wait | 653416284 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 7E418BF6 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653417311 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB02140 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653417422 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 653417685 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 653418480 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653457765 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653458134 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653458452 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653458546 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653458771 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653458864 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653458976 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653459192 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653459284 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653459473 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653459595 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D949088 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653460737 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB17598 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653460841 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653460973 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653461333 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653461645 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653461739 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653461878 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653461970 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653462081 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653462296 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653462389 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653462577 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653462697 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D95EE89 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653463812 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB16B68 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653463917 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653464050 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653464327 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653464641 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653464735 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653464873 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653464966 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653465077 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653465292 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653465389 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653465588 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653465709 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94FABE Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653466882 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAFC6D0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653466987 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653467536 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653467952 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653468267 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653468362 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653468501 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653468594 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653468705 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653468921 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653469014 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653469202 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653469324 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D9A608E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653470486 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB05EA0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653470590 |
File opened | Path: C:\skhfushjflw\config.bin Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: normal Content Overwritten: true | success or wait | 653470872 |
File read | Path: C:\skhfushjflw\config.bin Offset: unknown Length: 74019 Value: 50 5F A6 6E 46 82 4F 8B 57 93 A9 9E 12 94 50 94 50 94 50 94 50 94 65 A2 66 A2 68 AC 79 BD E4 97 C1 E3 88 2B 9D C5 E2 92 23 B3 04 C0 03 7C B1 2A B3 BE CE AD 37 FD 39 FD 3B 6B 1F 81 21 06 02 04 95 44 7B 58 4F 33 E4 CF A8 3F D4 7E 21 05 7D B3 67 3E 96 B1 22 34 C2 F2 16 A5 36 26 B2 39 84 48 E5 22 EE 43 | success or wait | 653471649 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653515508 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653515874 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653516193 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653516287 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653516427 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653516519 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653516630 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653516845 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653516939 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653517127 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653517249 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94D508 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653518421 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB06620 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653518526 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653518655 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653519035 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653519305 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653519795 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653520019 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653520112 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653520223 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653520439 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653520560 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653520749 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653520871 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94CF4E Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653522043 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB17758 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653522151 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653522281 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653522668 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653523022 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653523129 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653523279 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653523371 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653523482 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653523696 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653523789 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653523977 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653524099 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94878D Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653525296 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB033B0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653525403 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653525533 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653525893 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653526204 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653526298 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653526437 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653526529 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653526639 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653526854 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653526947 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653527134 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653527255 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D940049 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653528425 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB17AA8 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653528528 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653528658 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653529020 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653529330 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653529424 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653529562 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653529655 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653529765 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653529980 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653530073 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653530261 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653530382 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94BF83 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653531548 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB02C30 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653531656 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653531785 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653532144 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653532454 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653532549 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653532688 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653532781 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653532892 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653533107 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653533200 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653533388 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653533509 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D94654B Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653534675 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BB035C0 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653534779 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653534909 |
File opened | Path: C:\WINDOWS\system32\WININET.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653535713 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@92fa70 | success or wait | 653535942 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 4 Value: F8 00 00 00 | success or wait | 653536036 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177d583 | success or wait | 653536175 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D8 ED 0F 4D 00 00 00 00 00 00 00 00 E0 00 02 21 | success or wait | 653536267 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 224 Value: 0B 01 08 00 00 FA 0A 00 00 34 03 00 00 00 00 00 48 17 00 00 00 10 00 00 00 50 0C 00 00 00 93 3D 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 01 00 00 00 00 00 00 60 0E 00 00 04 00 00 8F D2 0E 00 02 00 40 01 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 F8 18 00 00 | success or wait | 653536377 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@628e42 | success or wait | 653536592 |
File read | Path: C:\WINDOWS\system32\wininet.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 B0 F9 0A 00 00 10 00 00 00 FA 0A 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 50 68 00 00 00 10 0B 00 00 34 00 00 00 FE 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 C0 61 02 00 00 80 0B 00 00 62 02 00 | success or wait | 653536684 |
File other op | Path: C:\WINDOWS\system32\wininet.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69cfe0 | success or wait | 653536872 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 65536 Protection: readonly Mapped to pid: own pid | success or wait | 653537003 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 3D963381 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653538573 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: BAFCB48 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653538693 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute read | success or wait | 653538916 |
File opened | Path: C:\WINDOWS\system32\WS2_32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653539315 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@ceb8e2 | success or wait | 653539631 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 653539725 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1cc3436 | success or wait | 653539979 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 63 A1 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 653540072 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 22 01 00 00 1C 00 00 00 00 00 00 73 12 00 00 00 10 00 00 00 20 01 00 00 00 AB 71 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 0A 00 00 00 00 00 00 70 01 00 00 04 00 00 20 F0 01 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 04 14 00 00 | success or wait | 653540184 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@177daaa | success or wait | 653540399 |
File read | Path: C:\WINDOWS\system32\ws2_32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 53 21 01 00 00 10 00 00 00 22 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 14 09 00 00 00 40 01 00 00 0A 00 00 00 26 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 F8 03 00 00 00 50 01 00 00 04 00 00 | success or wait | 653540491 |
File other op | Path: C:\WINDOWS\system32\ws2_32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1b4de03 | success or wait | 653540679 |
Section loaded | Path: C:\WINDOWS\system32\ws2_32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 20480 Protection: readonly Mapped to pid: own pid | success or wait | 653540800 |
Memory attributes changed | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 71AB4C27 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write | success or wait | 653541706 |
File opened | Path: C:\WINDOWS\system32\ADVAPI32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653542358 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@15bab52 | success or wait | 653542683 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 653542787 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@14cbf3f | success or wait | 653543049 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 48 1D 90 49 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 653543152 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 46 07 00 00 3E 02 00 00 00 00 00 0B 71 00 00 00 10 00 00 00 20 07 00 00 00 DD 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 B0 09 00 00 04 00 00 B8 5B 0A 00 03 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 A4 16 00 00 | success or wait | 653543273 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@19fd541 | success or wait | 653543498 |
File read | Path: C:\WINDOWS\system32\advapi32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C9 45 07 00 00 10 00 00 00 46 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 28 46 00 00 00 60 07 00 00 2C 00 00 00 4A 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 80 A9 01 00 00 B0 07 00 00 AA 01 00 | success or wait | 653543600 |
File other op | Path: C:\WINDOWS\system32\advapi32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@69ae9f | success or wait | 653543797 |
Section loaded | Path: C:\WINDOWS\system32\advapi32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 28672 Protection: readonly Mapped to pid: own pid | success or wait | 653543928 |
File opened | Path: C:\WINDOWS\system32\CRYPT32.dll Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file and random access Attributes: none Content Overwritten: true | success or wait | 653545742 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@4764a1 | success or wait | 653546055 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 4 Value: F0 00 00 00 | success or wait | 653546148 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@11fb141 | success or wait | 653546401 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 20 Value: 4C 01 04 00 D7 A0 02 48 00 00 00 00 00 00 00 00 E0 00 0E 21 | success or wait | 653546494 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 224 Value: 0B 01 07 0A 00 44 08 00 00 DC 00 00 00 00 00 00 32 16 00 00 00 10 00 00 00 20 08 00 00 00 A8 77 00 10 00 00 00 02 00 00 05 00 01 00 05 00 01 00 04 00 00 00 00 00 00 00 00 50 09 00 00 04 00 00 30 C5 09 00 02 00 00 00 00 00 04 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 9C 1A 00 00 | success or wait | 653546605 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@1ae3050 | success or wait | 653546820 |
File read | Path: C:\WINDOWS\system32\crypt32.dll Offset: unknown Length: 160 Value: 2E 74 65 78 74 00 00 00 C4 43 08 00 00 10 00 00 00 44 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 E8 23 00 00 00 60 08 00 00 24 00 00 00 48 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 72 73 72 63 00 00 00 50 67 00 00 00 90 08 00 00 68 00 00 | success or wait | 653546913 |
File other op | Path: C:\WINDOWS\system32\crypt32.dll New path: Disposition: PositionInformation Data : abstraction.selector.functions.gen.NtFunc$FunctionData@e5f3d2 | success or wait | 653547100 |
Section loaded | Path: C:\WINDOWS\system32\crypt32.dll Access: query and read Type: commit Baseaddress: 9C0000 Size: 77824 Protection: readonly Mapped to pid: own pid | success or wait | 653547221 |
Mutant created | Name: \BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG | access denied | 653548530 |
Thread created | PID: 2948 TID: 3104 EIP: 7C8106F9 Imagepath: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 653549088 |
Thread resumed | TID: 3104 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 653549378 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 653549782 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 653550231 |
Thread created | PID: 2948 TID: 3124 EIP: 7C8106F9 Imagepath: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 653550761 |
Thread resumed | TID: 3124 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 653551036 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 653551442 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653552679 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653553317 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 653621546 |
Memory allocated | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: 9C0000 Length: D2FF2C Allocation Type: unknown Protection: page execute and read and write | success or wait | 653887309 |
Memory allocated | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: A00000 Length: D2FE78 Allocation Type: unknown Protection: page read and write | success or wait | 653888563 |
Memory allocated | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: A00000 Length: D2FE7C Allocation Type: unknown Protection: page read and write | success or wait | 653888672 |
Memory allocated | PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe Base: A01000 Length: D2FB58 Allocation Type: unknown Protection: page read and write | success or wait | 653889000 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653889618 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653892031 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653892870 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653892971 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653893069 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653893227 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653893588 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653894295 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653897147 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653897496 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653897784 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653897967 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653898062 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653898157 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653898251 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653898345 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653898480 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 653899715 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653900657 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653901002 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653901401 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653903434 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653903535 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653903660 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653903761 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653903882 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653904161 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653906018 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653906161 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653906290 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653906396 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653906500 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653906605 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653906743 |
Section loaded | Path: \KnownDlls\IEFRAME.dll Access: write and read and execute Type: unknown Baseaddress: 3E1C0000 Size: 11096064 Protection: read write Mapped to pid: own pid | success or wait | 653907048 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653909282 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653909388 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653909493 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653909601 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653909705 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653909824 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653913301 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653913499 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653913606 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653913726 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653913844 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653914008 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653916555 |
Process information queried | PID: 2948 Info Class: Cookie | success or wait | 653916661 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653924580 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653924962 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653925357 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653926465 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653926850 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653927234 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653927620 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653928001 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653928396 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653929363 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653929701 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653929959 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653970088 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653971248 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653971798 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653972997 |
Section loaded | Path: C:\WINDOWS\system32\en-us\ieframe.dll.mui Access: query and read Type: commit Baseaddress: E30000 Size: 1241088 Protection: write copy Mapped to pid: own pid | success or wait | 653975149 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 653987072 |
Section loaded | Path: \BaseNamedObjects\Internet Explorer Immutable Application State (000009A8-0000-0000-0000-000000000000) Access: read Type: unknown Baseaddress: F60000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 653994967 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654002103 |
Section loaded | Path: \KnownDlls\comdlg32.dll Access: write and read and execute Type: unknown Baseaddress: 763B0000 Size: 299008 Protection: read write Mapped to pid: own pid | success or wait | 654003173 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654013320 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654031124 |
Section loaded | Path: \KnownDlls\xpshims.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 654032152 |
Section loaded | Path: C:\Program Files\Internet Explorer\xpshims.dll Access: query and write and read and execute Type: image Baseaddress: 451F0000 Size: 24576 Protection: read write Mapped to pid: own pid | success or wait | 654033236 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654045620 |
Section loaded | Path: C:\WINDOWS\system32\rpcss.dll Access: write and read and execute Type: commit Baseaddress: F70000 Size: 401408 Protection: execute Mapped to pid: own pid | success or wait | 654058059 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654110936 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: write and read and execute Type: commit Baseaddress: F70000 Size: 299008 Protection: execute Mapped to pid: own pid | success or wait | 654112284 |
Section loaded | Path: C:\WINDOWS\system32\msctf.dll Access: query and write and read and execute Type: image Baseaddress: 74720000 Size: 311296 Protection: read write Mapped to pid: own pid | success or wait | 654115402 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 654126835 |
Section loaded | Path: \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 654127864 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654136123 |
Section loaded | Path: \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500SFM.DefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read and execute and extend size Type: unknown Baseaddress: F80000 Size: 262144 Protection: read write Mapped to pid: own pid | success or wait | 654136989 |
Section loaded | Path: \BaseNamedObjects\ie_lcie_main_9a8_S-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 654141390 |
Section loaded | Path: \BaseNamedObjects\Isolation Process Registry (0BC6299D-4667-11E1-97AA-08002763FBB4) Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 654142493 |
Thread created | PID: 2948 TID: 3204 EIP: 7C8106F9 Imagepath: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654143215 |
Thread resumed | TID: 3204 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654143482 |
Section loaded | Path: \BaseNamedObjects\Isolation Signal Registry (0BC6299D-4667-11E1-97AA-08002763FBB4, 0) Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 654144667 |
Thread created | PID: 2948 TID: 3208 EIP: 7C8106F9 Imagepath: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654150327 |
Thread resumed | TID: 3208 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654151034 |
Thread resumed | TID: 3216 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654159362 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654162620 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654162969 |
Process information queried | PID: 2948 Info Class: QuotaLimits | success or wait | 654165581 |
Process information queried | PID: 2948 Info Class: VmCounters | success or wait | 654165922 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654166275 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654166619 |
Thread resumed | TID: 3224 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654170034 |
Thread resumed | TID: 1424 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654172891 |
Process information queried | PID: 2948 Info Class: DefaultHardErrorMode | success or wait | 654175327 |
Thread resumed | TID: 3228 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654176015 |
Thread resumed | TID: 3232 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654179887 |
Section loaded | Path: C:\WINDOWS\system32\winlogon.exe Access: write and read and execute Type: commit Baseaddress: 1850000 Size: 507904 Protection: execute Mapped to pid: own pid | success or wait | 654185600 |
Section loaded | Path: \KnownDlls\xpsp2res.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 654194219 |
Section loaded | Path: C:\WINDOWS\system32\xpsp2res.dll Access: query and write and read and execute Type: image Baseaddress: 1850000 Size: 2904064 Protection: read write Mapped to pid: own pid | conflicting addresses | 654194840 |
Section loaded | Path: C:\Program Files\Internet Explorer\sqmapi.dll Access: write and read and execute Type: commit Baseaddress: 1B20000 Size: 135168 Protection: execute Mapped to pid: own pid | success or wait | 654198041 |
Section loaded | Path: C:\Program Files\Internet Explorer\sqmapi.dll Access: query and write and read and execute Type: image Baseaddress: 6CD00000 Size: 147456 Protection: read write Mapped to pid: own pid | success or wait | 654200641 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 654212259 |
Thread resumed | TID: 3236 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654234827 |
Thread resumed | TID: 3240 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654241579 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 654285630 |
Section loaded | Path: \KnownDlls\SETUPAPI.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 654286759 |
Section loaded | Path: C:\WINDOWS\system32\setupapi.dll Access: query and write and read and execute Type: image Baseaddress: 77920000 Size: 995328 Protection: read write Mapped to pid: own pid | success or wait | 654288704 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 654297652 |
Section loaded | Path: \KnownDlls\CLBCATQ.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 654313520 |
Section loaded | Path: C:\WINDOWS\system32\clbcatq.dll Access: query and write and read and execute Type: image Baseaddress: 76FD0000 Size: 520192 Protection: read write Mapped to pid: own pid | success or wait | 654314243 |
Section loaded | Path: \KnownDlls\COMRes.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 654316020 |
Section loaded | Path: C:\WINDOWS\system32\comres.dll Access: query and write and read and execute Type: image Baseaddress: 77050000 Size: 806912 Protection: read write Mapped to pid: own pid | success or wait | 654316779 |
Section loaded | Path: \KnownDlls\VERSION.dll Access: write and read and execute Type: unknown Baseaddress: 77C00000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 654320265 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 654335017 |
Section loaded | Path: C:\Program Files\Internet Explorer\ieproxy.dll Access: write and read and execute Type: commit Baseaddress: 1D30000 Size: 249856 Protection: execute Mapped to pid: own pid | success or wait | 654394578 |
Section loaded | Path: C:\Program Files\Internet Explorer\ieproxy.dll Access: query and write and read and execute Type: image Baseaddress: 439B0000 Size: 262144 Protection: read write Mapped to pid: own pid | success or wait | 654398279 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 654405973 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 654406324 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 654406673 |
Thread resumed | TID: 3312 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 654471880 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 654551174 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 654578639 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 654590909 |
Section loaded | Path: \BaseNamedObjects\Local\IEFrame!GetAsyncKeyStateSharedMem!2472 Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 654610159 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768 Access: write Type: unknown Baseaddress: 1E50000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 654619721 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Cookies_index.dat_16384 Access: write Type: unknown Baseaddress: 1E60000 Size: 16384 Protection: read write Mapped to pid: own pid | success or wait | 654625578 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768 Access: write Type: unknown Baseaddress: 1E70000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 654632051 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 654638531 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: WinSock_Registry_Version | success or wait | 655471902 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Serial_Access_Num | success or wait | 655473198 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Serial_Access_Num | success or wait | 655474383 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Next_Catalog_Entry_ID | success or wait | 655474999 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Num_Catalog_Entries | success or wait | 655475568 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Name: PackedCatalogItem | buffer overflow | 655476868 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Name: PackedCatalogItem | buffer overflow | 655482519 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Name: PackedCatalogItem | success or wait | 655483109 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Name: PackedCatalogItem | buffer overflow | 655485096 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Name: PackedCatalogItem | buffer overflow | 655485688 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Name: PackedCatalogItem | success or wait | 655486268 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Name: PackedCatalogItem | buffer overflow | 655488219 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Name: PackedCatalogItem | buffer overflow | 655488811 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Name: PackedCatalogItem | success or wait | 655489390 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Name: PackedCatalogItem | buffer overflow | 655491337 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Name: PackedCatalogItem | buffer overflow | 655491928 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Name: PackedCatalogItem | success or wait | 655492507 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Name: PackedCatalogItem | buffer overflow | 655494489 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Name: PackedCatalogItem | buffer overflow | 655495074 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Name: PackedCatalogItem | success or wait | 655496099 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Name: PackedCatalogItem | buffer overflow | 655498083 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Name: PackedCatalogItem | buffer overflow | 655498675 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Name: PackedCatalogItem | success or wait | 655499255 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Name: PackedCatalogItem | buffer overflow | 655501202 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Name: PackedCatalogItem | buffer overflow | 655501790 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Name: PackedCatalogItem | success or wait | 655502368 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Name: PackedCatalogItem | buffer overflow | 655504315 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Name: PackedCatalogItem | buffer overflow | 655504902 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Name: PackedCatalogItem | success or wait | 655505449 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Name: PackedCatalogItem | buffer overflow | 655507536 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Name: PackedCatalogItem | buffer overflow | 655508128 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Name: PackedCatalogItem | success or wait | 655509262 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Name: PackedCatalogItem | buffer overflow | 655511223 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Name: PackedCatalogItem | buffer overflow | 655511813 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Name: PackedCatalogItem | success or wait | 655512394 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Name: PackedCatalogItem | buffer overflow | 655514338 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Name: PackedCatalogItem | buffer overflow | 655514928 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Name: PackedCatalogItem | success or wait | 655515509 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Name: PackedCatalogItem | buffer overflow | 655517459 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Name: PackedCatalogItem | buffer overflow | 655518044 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Name: PackedCatalogItem | success or wait | 655518625 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Name: PackedCatalogItem | buffer overflow | 655519480 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Name: PackedCatalogItem | buffer overflow | 655520073 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Name: PackedCatalogItem | success or wait | 655520658 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Serial_Access_Num | success or wait | 655522897 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Serial_Access_Num | success or wait | 655523524 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Num_Catalog_Entries | success or wait | 655524127 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: LibraryPath | success or wait | 655524909 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: DisplayString | success or wait | 655526069 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: DisplayString | success or wait | 655527215 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: ProviderId | success or wait | 655528367 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: AddressFamily | object name not found | 655528945 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: SupportedNameSpace | success or wait | 655529527 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: Enabled | success or wait | 655530105 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: Version | success or wait | 655530679 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: StoresServiceClassInfo | success or wait | 655531262 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: LibraryPath | success or wait | 655532288 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: DisplayString | success or wait | 655547893 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: DisplayString | success or wait | 655549139 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: ProviderId | success or wait | 655550291 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: AddressFamily | object name not found | 655550875 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: SupportedNameSpace | success or wait | 655551457 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: Enabled | success or wait | 655552036 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: Version | success or wait | 655552611 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: StoresServiceClassInfo | success or wait | 655553191 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: LibraryPath | success or wait | 655554711 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: DisplayString | success or wait | 655555870 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: DisplayString | success or wait | 655557016 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: ProviderId | success or wait | 655558168 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: AddressFamily | object name not found | 655558752 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: SupportedNameSpace | success or wait | 655559338 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: Enabled | success or wait | 655559919 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: Version | success or wait | 655560497 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: StoresServiceClassInfo | success or wait | 655561079 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 655638041 |
Section loaded | Path: \BaseNamedObjects\windows_ie_global_counters Access: write and read Type: unknown Baseaddress: 1E80000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 655638400 |
Process information queried | PID: 2472 Info Class: SessionInformation | success or wait | 655640950 |
Section loaded | Path: \KnownDlls\MLANG.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 655690237 |
Section loaded | Path: C:\WINDOWS\system32\mlang.dll Access: query and write and read and execute Type: image Baseaddress: 75CF0000 Size: 593920 Protection: read write Mapped to pid: own pid | success or wait | 655692785 |
Section loaded | Path: C:\WINDOWS\system32\mlang.dll Access: read Type: commit Baseaddress: 1EC0000 Size: 589824 Protection: readonly Mapped to pid: own pid | success or wait | 655715514 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 655757153 |
Section loaded | Path: \KnownDlls\UxTheme.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 655780254 |
Section loaded | Path: C:\WINDOWS\system32\uxtheme.dll Access: query and write and read and execute Type: image Baseaddress: 5AD70000 Size: 229376 Protection: read write Mapped to pid: own pid | success or wait | 655782458 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: write and read and execute Type: commit Baseaddress: 1EC0000 Size: 180224 Protection: execute Mapped to pid: own pid | success or wait | 655810212 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: query and read Type: commit Baseaddress: 1EC0000 Size: 180224 Protection: readonly Mapped to pid: own pid | success or wait | 655814004 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: write and read and execute Type: commit Baseaddress: 1EC0000 Size: 180224 Protection: execute Mapped to pid: own pid | success or wait | 655820826 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: query and read Type: commit Baseaddress: 1EC0000 Size: 180224 Protection: readonly Mapped to pid: own pid | success or wait | 655824774 |
Section loaded | Path: \KnownDlls\apphelp.dll Access: write and read and execute Type: unknown Baseaddress: 77B40000 Size: 139264 Protection: read write Mapped to pid: own pid | success or wait | 655829620 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 1EC0000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 655841805 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 655844495 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 655856514 |
Section loaded | Path: \BaseNamedObjects\ShimSharedMemory Access: write Type: unknown Baseaddress: 1EA0000 Size: 57344 Protection: read write Mapped to pid: own pid | success or wait | 655860060 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: write and read and execute Type: commit Baseaddress: 1EC0000 Size: 180224 Protection: execute Mapped to pid: own pid | success or wait | 655863258 |
Section loaded | Path: C:\WINDOWS\system32\msctfime.ime Access: query and write and read and execute Type: image Baseaddress: 755C0000 Size: 188416 Protection: read write Mapped to pid: own pid | success or wait | 655867329 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 1ED0000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 655892151 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 655905630 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 1EF0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 655923843 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 1EF0000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 655978177 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 655989694 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 656035237 |
Section loaded | Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll Access: write and read and execute Type: commit Baseaddress: 1EF0000 Size: 77824 Protection: execute Mapped to pid: own pid | success or wait | 656042371 |
Section loaded | Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll Access: query and write and read and execute Type: image Baseaddress: 10000000 Size: 69632 Protection: read write Mapped to pid: own pid | success or wait | 656049043 |
Section loaded | Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll Access: query and write and read and execute Type: image Baseaddress: 1F00000 Size: 634880 Protection: read write Mapped to pid: own pid | conflicting addresses | 656109132 |
Section loaded | Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll Access: query and write and read and execute Type: image Baseaddress: 7C420000 Size: 552960 Protection: read write Mapped to pid: own pid | success or wait | 656273396 |
Section loaded | Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Access: write and read and execute Type: commit Baseaddress: 1FB0000 Size: 65536 Protection: execute Mapped to pid: own pid | success or wait | 656334099 |
Section loaded | Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Access: query and write and read and execute Type: image Baseaddress: 1FB0000 Size: 65536 Protection: read write Mapped to pid: own pid | conflicting addresses | 656336140 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 656362356 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 1FD0000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 656369126 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 656372733 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 656635890 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Access: write and read and execute Type: commit Baseaddress: 1FD0000 Size: 1253376 Protection: execute Mapped to pid: own pid | success or wait | 656638465 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Access: query and write and read and execute Type: image Baseaddress: 1FD0000 Size: 1282048 Protection: read write Mapped to pid: own pid | conflicting addresses | 656640968 |
Section loaded | Path: \KnownDlls\WINTRUST.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 656703259 |
Section loaded | Path: C:\WINDOWS\system32\wintrust.dll Access: query and write and read and execute Type: image Baseaddress: 76C30000 Size: 188416 Protection: read write Mapped to pid: own pid | success or wait | 656706571 |
Section loaded | Path: \KnownDlls\IMAGEHLP.dll Access: write and read and execute Type: unknown Baseaddress: 76C90000 Size: 163840 Protection: read write Mapped to pid: own pid | success or wait | 656719721 |
Section loaded | Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll Access: query and write and read and execute Type: image Baseaddress: 4EC50000 Size: 1748992 Protection: read write Mapped to pid: own pid | success or wait | 656728401 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 2230000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 656775133 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 656779337 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 656786841 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jp2ssv.dll Access: write and read and execute Type: commit Baseaddress: 2230000 Size: 45056 Protection: execute Mapped to pid: own pid | success or wait | 656789297 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\jp2ssv.dll Access: query and write and read and execute Type: image Baseaddress: 6D430000 Size: 49152 Protection: read write Mapped to pid: own pid | success or wait | 656791682 |
Section loaded | Path: \KnownDlls\MSVCR71.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 656796853 |
Section loaded | Path: C:\Program Files\Java\jre6\bin\msvcr71.dll Access: query and write and read and execute Type: image Baseaddress: 7C340000 Size: 352256 Protection: read write Mapped to pid: own pid | success or wait | 656797634 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 656875477 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 657993968 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 659450564 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 660589991 |
Section loaded | Path: C:\WINDOWS\AppPatch\sysmain.sdb Access: read Type: commit Baseaddress: 2240000 Size: 1208320 Protection: readonly Mapped to pid: own pid | success or wait | 660875136 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 660880951 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 660898269 |
Section loaded | Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll Access: write and read and execute Type: commit Baseaddress: 2240000 Size: 81920 Protection: execute Mapped to pid: own pid | success or wait | 660901562 |
Section loaded | Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll Access: query and write and read and execute Type: image Baseaddress: 6DAF0000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 660904293 |
Section loaded | Path: C:\WINDOWS\system32\mswsock.dll Access: write and read and execute Type: commit Baseaddress: 2240000 Size: 245760 Protection: execute Mapped to pid: own pid | success or wait | 660915409 |
Section loaded | Path: C:\WINDOWS\system32\mswsock.dll Access: query and write and read and execute Type: image Baseaddress: 71A50000 Size: 258048 Protection: read write Mapped to pid: own pid | success or wait | 660916724 |
Section loaded | Path: \KnownDlls\hnetcfg.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 660922122 |
Section loaded | Path: C:\WINDOWS\system32\hnetcfg.dll Access: query and write and read and execute Type: image Baseaddress: 662B0000 Size: 360448 Protection: read write Mapped to pid: own pid | success or wait | 660922836 |
Section loaded | Path: C:\WINDOWS\system32\wshtcpip.dll Access: write and read and execute Type: commit Baseaddress: 2240000 Size: 20480 Protection: execute Mapped to pid: own pid | success or wait | 660934769 |
Section loaded | Path: C:\WINDOWS\system32\wshtcpip.dll Access: query and write and read and execute Type: image Baseaddress: 71A90000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 660937129 |
Thread resumed | TID: 3384 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 660978824 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 660989240 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 661001397 |
Section loaded | Path: \KnownDlls\SXS.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 661054004 |
Section loaded | Path: C:\WINDOWS\system32\sxs.dll Access: query and write and read and execute Type: image Baseaddress: 7E720000 Size: 720896 Protection: read write Mapped to pid: own pid | success or wait | 661056486 |
Section loaded | Path: C:\WINDOWS\system32\ieframe.dll Access: query and read Type: commit Baseaddress: 23D0000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 661210201 |
Section loaded | Path: C:\WINDOWS\system32\stdole2.tlb Access: query and read Type: commit Baseaddress: 23F0000 Size: 16384 Protection: readonly Mapped to pid: own pid | success or wait | 661250391 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 661693046 |
Section loaded | Path: C:\WINDOWS\system32\actxprxy.dll Access: write and read and execute Type: commit Baseaddress: 23D0000 Size: 98304 Protection: execute Mapped to pid: own pid | success or wait | 661969533 |
Section loaded | Path: C:\WINDOWS\system32\actxprxy.dll Access: query and write and read and execute Type: image Baseaddress: 71D40000 Size: 110592 Protection: read write Mapped to pid: own pid | success or wait | 661977089 |
Section loaded | Path: C:\WINDOWS\system32\ieframe.dll Access: query and read Type: commit Baseaddress: 23D0000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 662620772 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 662811216 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 663925454 |
Thread resumed | TID: 3652 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 664373513 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 664442223 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Application Data_Microsoft_Feeds Cache_index.dat_32768 Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664478824 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Application Data_Microsoft_Feeds Cache_index.dat_32768 Access: query and write and read Type: commit Baseaddress: 24F0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 664479174 |
Section loaded | Path: \BaseNamedObjects\Local\IEHistJournalFm_24c20119-753b-4f33-887d-f2381810562d_150C75A_C::DOCUMENTS AND SETTINGS:ADMINISTRATOR:LOCAL SETTINGS:TEMPORARY INTERNET FILES:SUGGESTEDSITES.DAT Access: query and write and read Type: commit Baseaddress: 2500000 Size: 5246976 Protection: read write Mapped to pid: own pid | success or wait | 664517678 |
Section loaded | Path: \BaseNamedObjects\Local\UrlZonesSM_Administrator Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 664525002 |
Section loaded | Path: \KnownDlls\RASAPI32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664567652 |
Section loaded | Path: C:\WINDOWS\system32\rasapi32.dll Access: query and write and read and execute Type: image Baseaddress: 76EE0000 Size: 245760 Protection: read write Mapped to pid: own pid | success or wait | 664568278 |
Section loaded | Path: \KnownDlls\rasman.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664571396 |
Section loaded | Path: C:\WINDOWS\system32\rasman.dll Access: query and write and read and execute Type: image Baseaddress: 76E90000 Size: 73728 Protection: read write Mapped to pid: own pid | success or wait | 664572028 |
Section loaded | Path: \KnownDlls\NETAPI32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664574349 |
Section loaded | Path: C:\WINDOWS\system32\netapi32.dll Access: query and write and read and execute Type: image Baseaddress: 5B860000 Size: 348160 Protection: read write Mapped to pid: own pid | success or wait | 664575005 |
Section loaded | Path: \KnownDlls\TAPI32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664579436 |
Section loaded | Path: C:\WINDOWS\system32\tapi32.dll Access: query and write and read and execute Type: image Baseaddress: 76EB0000 Size: 192512 Protection: read write Mapped to pid: own pid | success or wait | 664580063 |
Section loaded | Path: \KnownDlls\rtutils.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664583086 |
Section loaded | Path: C:\WINDOWS\system32\rtutils.dll Access: query and write and read and execute Type: image Baseaddress: 76E80000 Size: 57344 Protection: read write Mapped to pid: own pid | success or wait | 664583741 |
Section loaded | Path: \KnownDlls\WINMM.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664587061 |
Section loaded | Path: C:\WINDOWS\system32\winmm.dll Access: query and write and read and execute Type: image Baseaddress: 76B40000 Size: 184320 Protection: read write Mapped to pid: own pid | success or wait | 664587723 |
Section loaded | Path: C:\WINDOWS\system32\tapi32.dll Access: read Type: commit Baseaddress: 2A20000 Size: 184320 Protection: readonly Mapped to pid: own pid | success or wait | 664620247 |
Section loaded | Path: \KnownDlls\msapsspc.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664730362 |
Section loaded | Path: C:\WINDOWS\system32\msapsspc.dll Access: query and write and read and execute Type: image Baseaddress: 71E50000 Size: 86016 Protection: read write Mapped to pid: own pid | success or wait | 664731309 |
Section loaded | Path: \KnownDlls\MSVCRT40.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664746371 |
Section loaded | Path: C:\WINDOWS\system32\msvcrt40.dll Access: query and write and read and execute Type: image Baseaddress: 78080000 Size: 69632 Protection: read write Mapped to pid: own pid | success or wait | 664747093 |
Section loaded | Path: \KnownDlls\schannel.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664780803 |
Section loaded | Path: C:\WINDOWS\system32\schannel.dll Access: query and write and read and execute Type: image Baseaddress: 767F0000 Size: 163840 Protection: read write Mapped to pid: own pid | success or wait | 664782443 |
Section loaded | Path: \KnownDlls\digest.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664854264 |
Section loaded | Path: C:\WINDOWS\system32\digest.dll Access: query and write and read and execute Type: image Baseaddress: 75B00000 Size: 86016 Protection: read write Mapped to pid: own pid | success or wait | 664857224 |
Section loaded | Path: \KnownDlls\msnsspc.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664884219 |
Section loaded | Path: C:\WINDOWS\system32\msnsspc.dll Access: query and write and read and execute Type: image Baseaddress: 747B0000 Size: 290816 Protection: read write Mapped to pid: own pid | success or wait | 664884928 |
Section loaded | Path: \KnownDlls\MSVCRT40.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664892213 |
Section loaded | Path: C:\WINDOWS\system32\msvcrt40.dll Access: query and write and read and execute Type: image Baseaddress: 78080000 Size: 69632 Protection: read write Mapped to pid: own pid | success or wait | 664892924 |
Section loaded | Path: \KnownDlls\sensapi.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664909045 |
Section loaded | Path: C:\WINDOWS\system32\sensapi.dll Access: query and write and read and execute Type: image Baseaddress: 722B0000 Size: 20480 Protection: read write Mapped to pid: own pid | success or wait | 664910078 |
Section loaded | Path: \BaseNamedObjects\SENS Information Cache Access: read Type: unknown Baseaddress: 2A20000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 664918885 |
Section loaded | Path: C:\WINDOWS\system32\msv1_0.dll Access: write and read and execute Type: commit Baseaddress: 2A60000 Size: 139264 Protection: execute Mapped to pid: own pid | success or wait | 664931352 |
Section loaded | Path: C:\WINDOWS\system32\msv1_0.dll Access: query and write and read and execute Type: image Baseaddress: 77C70000 Size: 151552 Protection: read write Mapped to pid: own pid | success or wait | 664936651 |
Section loaded | Path: \KnownDlls\cryptdll.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664941571 |
Section loaded | Path: C:\WINDOWS\system32\cryptdll.dll Access: query and write and read and execute Type: image Baseaddress: 76790000 Size: 49152 Protection: read write Mapped to pid: own pid | success or wait | 664942275 |
Section loaded | Path: \KnownDlls\iphlpapi.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 664950903 |
Section loaded | Path: C:\WINDOWS\system32\iphlpapi.dll Access: query and write and read and execute Type: image Baseaddress: 76D60000 Size: 102400 Protection: read write Mapped to pid: own pid | success or wait | 664953019 |
Section loaded | Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Access: query and read Type: commit Baseaddress: 2A40000 Size: 53248 Protection: readonly Mapped to pid: own pid | success or wait | 664980610 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 665049909 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 665157411 |
Section loaded | Path: C:\WINDOWS\system32\en-us\urlmon.dll.mui Access: query and read Type: commit Baseaddress: 2A80000 Size: 40960 Protection: write copy Mapped to pid: own pid | success or wait | 665167652 |
Section loaded | Path: \BaseNamedObjects\Local\!PrivacIE!SharedMem!Settings Access: query and write and read Type: commit Baseaddress: 2A90000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 665449983 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 665533188 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 665549230 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 665556958 |
Thread resumed | TID: 3892 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 665570314 |
Section loaded | Path: C:\Program Files\Internet Explorer\iecompat.dll Access: write and read and execute Type: commit Baseaddress: 2BA0000 Size: 4096 Protection: execute Mapped to pid: own pid | success or wait | 665594549 |
Section loaded | Path: C:\Program Files\Internet Explorer\iecompat.dll Access: query and read Type: commit Baseaddress: 2BA0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 665597914 |
Section loaded | Path: C:\Program Files\Internet Explorer\iecompat.dll Access: write and read and execute Type: commit Baseaddress: 2BA0000 Size: 4096 Protection: execute Mapped to pid: own pid | success or wait | 665601763 |
Section loaded | Path: C:\Program Files\Internet Explorer\iecompat.dll Access: query and read Type: commit Baseaddress: 2BA0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 665603864 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_IECompatCache_index.dat_16384 Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 665618333 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_IECompatCache_index.dat_16384 Access: query and write and read Type: commit Baseaddress: 2BA0000 Size: 16384 Protection: read write Mapped to pid: own pid | success or wait | 665618706 |
Section loaded | Path: \BaseNamedObjects\windows_ie_global_counters Access: write and read Type: unknown Baseaddress: 2BB0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 665620550 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 665624276 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 665625543 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 665625895 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2BC0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 665626480 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 665630511 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 665632160 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2BE0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 665632706 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: WinSock_Registry_Version | success or wait | 665635742 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: AutodialDLL | object name not found | 665641346 |
Section loaded | Path: \KnownDlls\rasadhlp.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 665641857 |
Section loaded | Path: C:\WINDOWS\system32\rasadhlp.dll Access: query and write and read and execute Type: image Baseaddress: 76FC0000 Size: 24576 Protection: read write Mapped to pid: own pid | success or wait | 665644552 |
Section loaded | Path: \BaseNamedObjects\ie_lcie_ConnHashTable<2472>_S-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 665667732 |
Section loaded | Path: \KnownDlls\DNSAPI.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 665674838 |
Section loaded | Path: C:\WINDOWS\system32\dnsapi.dll Access: query and write and read and execute Type: image Baseaddress: 76F20000 Size: 159744 Protection: read write Mapped to pid: own pid | success or wait | 665675886 |
Thread resumed | TID: 3900 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 665751896 |
Thread resumed | TID: 3920 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 665755814 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 666165543 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 667281207 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Cookies_index.dat_32768 Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 667935130 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Cookies_index.dat_32768 Access: query and write and read Type: commit Baseaddress: 1E60000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 667935314 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_IETldCache_index.dat_262144 Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 667961553 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_IETldCache_index.dat_262144 Access: query and write and read Type: commit Baseaddress: 2E50000 Size: 262144 Protection: read write Mapped to pid: own pid | success or wait | 667961813 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 668406776 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 669523784 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 670644327 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 671762147 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 672884272 |
Thread resumed | TID: 4052 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 673661696 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 673997323 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 675115944 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 676234648 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 677353744 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 678978125 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 680567606 |
Section loaded | Path: \NLS\NlsSectionCP20127 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 680894642 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 681022804 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 681023312 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 2FB0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 681024364 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 4096 | success or wait | 681056986 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 4096 | success or wait | 681187450 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 681323071 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.dll Access: write and read and execute Type: commit Baseaddress: 30B0000 Size: 5963776 Protection: execute Mapped to pid: own pid | success or wait | 681339410 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.dll Access: query and write and read and execute Type: image Baseaddress: 3CEA0000 Size: 5976064 Protection: read write Mapped to pid: own pid | success or wait | 681439237 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 682446577 |
Section loaded | Path: \KnownDlls\msls31.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 682462849 |
Section loaded | Path: C:\WINDOWS\system32\msls31.dll Access: query and write and read and execute Type: image Baseaddress: 30B0000 Size: 167936 Protection: read write Mapped to pid: own pid | conflicting addresses | 682465497 |
Section loaded | Path: \BaseNamedObjects\#MSHTML#PERF#00000B84 Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 682841124 |
Section loaded | Path: C:\Program Files\Microsoft Office\OFFICE11\OUTLLIB.DLL Access: write and read and execute Type: commit Baseaddress: 31E0000 Size: 7606272 Protection: execute Mapped to pid: own pid | success or wait | 682889683 |
Section loaded | Path: C:\Program Files\Microsoft Office\OFFICE11\OUTLLIB.DLL Access: query and read Type: commit Baseaddress: 31E0000 Size: 7606272 Protection: readonly Mapped to pid: own pid | success or wait | 682898345 |
Section loaded | Path: C:\Program Files\Microsoft Office\OFFICE11\OUTLLIB.DLL Access: write and read and execute Type: commit Baseaddress: 31E0000 Size: 7606272 Protection: execute Mapped to pid: own pid | success or wait | 682958941 |
Section loaded | Path: C:\Program Files\Microsoft Office\OFFICE11\OUTLLIB.DLL Access: query and read Type: commit Baseaddress: 31E0000 Size: 7606272 Protection: readonly Mapped to pid: own pid | success or wait | 682964524 |
Section loaded | Path: \BaseNamedObjects\Local\!PrivacIE!SharedMem!Settings Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name exists | 682990656 |
Section loaded | Path: \BaseNamedObjects\Local\!PrivacIE!SharedMem!Counter Access: query and write and read Type: commit Baseaddress: 31F0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 682994621 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: write and read and execute Type: commit Baseaddress: 3200000 Size: 4096 Protection: execute Mapped to pid: own pid | success or wait | 683097385 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: query and read Type: commit Baseaddress: 3200000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 683113150 |
Section loaded | Path: C:\WINDOWS\WindowsShell.Manifest Access: read Type: commit Baseaddress: 3200000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 683117434 |
Section loaded | Path: \KnownDlls\PSAPI.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 683270172 |
Section loaded | Path: C:\WINDOWS\system32\psapi.dll Access: query and write and read and execute Type: image Baseaddress: 76BF0000 Size: 45056 Protection: read write Mapped to pid: own pid | success or wait | 683320000 |
Process information queried | PID: 2948 Info Class: BasicInformation | success or wait | 683330203 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 683643131 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 683648812 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 683674243 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 683793446 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 8192 | success or wait | 683804846 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 8192 | success or wait | 683809457 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 8192 | success or wait | 683813877 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 7677 | success or wait | 683817835 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 515 | success or wait | 683819855 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 8192 | success or wait | 683824051 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 7677 | success or wait | 683827966 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 515 | success or wait | 683829108 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 5832 | success or wait | 683829840 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 2360 | success or wait | 683832097 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 8192 | success or wait | 683833576 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 5832 | success or wait | 683841947 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 2360 | success or wait | 683843813 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 8192 | success or wait | 683847937 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 1234 | success or wait | 683848920 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 6958 | success or wait | 683853489 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt Offset: unknown Length: 614 | success or wait | 683853711 |
Thread resumed | TID: 1636 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 683855585 |
Section loaded | Path: C:\WINDOWS\system32\en-us\ieframe.dll.mui Access: query and read Type: commit Baseaddress: 3320000 Size: 1241088 Protection: write copy Mapped to pid: own pid | success or wait | 683877580 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 683967163 |
Section loaded | Path: C:\WINDOWS\system32\msimtf.dll Access: write and read and execute Type: commit Baseaddress: 3450000 Size: 159744 Protection: execute Mapped to pid: own pid | success or wait | 683971674 |
Section loaded | Path: C:\WINDOWS\system32\msimtf.dll Access: query and write and read and execute Type: image Baseaddress: 746F0000 Size: 172032 Protection: read write Mapped to pid: own pid | success or wait | 683974524 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 684055581 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 684068827 |
Section loaded | Path: \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-507921405-1960408961-839522115-500 Access: query and write and read and execute and extend size Type: unknown Baseaddress: 3200000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 684076847 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 684467161 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 684471600 |
Section loaded | Path: C:\WINDOWS\system32\jscript.dll Access: write and read and execute Type: commit Baseaddress: 3650000 Size: 729088 Protection: execute Mapped to pid: own pid | success or wait | 684474883 |
Section loaded | Path: C:\WINDOWS\system32\jscript.dll Access: query and write and read and execute Type: image Baseaddress: 3D7A0000 Size: 737280 Protection: read write Mapped to pid: own pid | success or wait | 684477712 |
Section loaded | Path: C:\WINDOWS\system32\stdole2.tlb Access: query and read Type: commit Baseaddress: 3650000 Size: 16384 Protection: readonly Mapped to pid: own pid | success or wait | 684603579 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 684708040 |
Section loaded | Path: C:\WINDOWS\system32\iepeers.dll Access: write and read and execute Type: commit Baseaddress: 3A60000 Size: 184320 Protection: execute Mapped to pid: own pid | success or wait | 684712160 |
Section loaded | Path: C:\WINDOWS\system32\iepeers.dll Access: query and write and read and execute Type: image Baseaddress: 42070000 Size: 192512 Protection: read write Mapped to pid: own pid | success or wait | 684716512 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 684731365 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 684823638 |
Section loaded | Path: C:\WINDOWS\system32\dxtrans.dll Access: write and read and execute Type: commit Baseaddress: 3A70000 Size: 217088 Protection: execute Mapped to pid: own pid | success or wait | 684830688 |
Section loaded | Path: C:\WINDOWS\system32\dxtrans.dll Access: query and write and read and execute Type: image Baseaddress: 35C50000 Size: 233472 Protection: read write Mapped to pid: own pid | success or wait | 684833652 |
Section loaded | Path: \KnownDlls\ATL.DLL Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 684837724 |
Section loaded | Path: C:\WINDOWS\system32\atl.dll Access: query and write and read and execute Type: image Baseaddress: 76B20000 Size: 69632 Protection: read write Mapped to pid: own pid | success or wait | 684838685 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 684878226 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 684895532 |
Section loaded | Path: C:\WINDOWS\system32\ddrawex.dll Access: write and read and execute Type: commit Baseaddress: 3A70000 Size: 28672 Protection: execute Mapped to pid: own pid | success or wait | 684902569 |
Section loaded | Path: C:\WINDOWS\system32\ddrawex.dll Access: query and write and read and execute Type: image Baseaddress: 3A70000 Size: 40960 Protection: read write Mapped to pid: own pid | conflicting addresses | 684905559 |
Section loaded | Path: \KnownDlls\DDRAW.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 684913919 |
Section loaded | Path: C:\WINDOWS\system32\ddraw.dll Access: query and write and read and execute Type: image Baseaddress: 73760000 Size: 307200 Protection: read write Mapped to pid: own pid | success or wait | 684914984 |
Section loaded | Path: \KnownDlls\DCIMAN32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 684921193 |
Section loaded | Path: C:\WINDOWS\system32\dciman32.dll Access: query and write and read and execute Type: image Baseaddress: 73BC0000 Size: 24576 Protection: read write Mapped to pid: own pid | success or wait | 684927629 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 686295140 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 686545104 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 686628349 |
Section loaded | Path: C:\WINDOWS\system32\dxtmsft.dll Access: write and read and execute Type: commit Baseaddress: 3A80000 Size: 348160 Protection: execute Mapped to pid: own pid | success or wait | 686673855 |
Section loaded | Path: C:\WINDOWS\system32\dxtmsft.dll Access: query and write and read and execute Type: image Baseaddress: 35CB0000 Size: 356352 Protection: read write Mapped to pid: own pid | success or wait | 686682648 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 686786418 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 686832543 |
Thread resumed | TID: 2188 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 686848719 |
Thread resumed | TID: 2192 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 686856623 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 686964979 |
Section loaded | Path: C:\WINDOWS\system32\dxtmsft.dll Access: query and read Type: commit Baseaddress: 3C80000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 687084927 |
Section loaded | Path: C:\WINDOWS\system32\dxtrans.dll Access: query and read Type: commit Baseaddress: 3CA0000 Size: 81920 Protection: readonly Mapped to pid: own pid | success or wait | 687181472 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 687426362 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 687638111 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 687736284 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 687784071 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 687786887 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 687787429 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 3CC0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 687788530 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 687800279 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 687800816 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 3CC0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 687808355 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 687856124 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 687858219 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 687858757 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 3CC0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 687859841 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 687894995 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 687895538 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 3CC0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 687898346 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 687899283 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 687907351 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 687915279 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 687916495 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 3CC0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 687922356 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 687938523 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 687939528 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 3CC0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 687941064 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 688533807 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll Access: query and read Type: commit Baseaddress: 3CE0000 Size: 4399104 Protection: readonly Mapped to pid: own pid | success or wait | 688666892 |
Section loaded | Path: C:\WINDOWS\system32\rsaenh.dll Access: query and read Type: commit Baseaddress: 3CE0000 Size: 208896 Protection: readonly Mapped to pid: own pid | success or wait | 688713133 |
Section loaded | Path: C:\WINDOWS\system32\rsaenh.dll Access: query and read Type: commit Baseaddress: 3CE0000 Size: 208896 Protection: readonly Mapped to pid: own pid | success or wait | 688716941 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 688995318 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 689001906 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 3D20000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 689006364 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 689910871 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_PrivacIE_index.dat_98304 Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 689987760 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_PrivacIE_index.dat_98304 Access: query and write and read Type: commit Baseaddress: 3CE0000 Size: 98304 Protection: read write Mapped to pid: own pid | success or wait | 689988395 |
Section loaded | Path: \KnownDlls\rsaenh.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 690101977 |
Section loaded | Path: C:\WINDOWS\system32\rsaenh.dll Access: query and write and read and execute Type: image Baseaddress: 68000000 Size: 221184 Protection: read write Mapped to pid: own pid | success or wait | 690104509 |
Section loaded | Path: C:\WINDOWS\system32\rsaenh.dll Access: query and read Type: commit Baseaddress: 3D00000 Size: 208896 Protection: readonly Mapped to pid: own pid | success or wait | 690159687 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 690586416 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 690586602 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 3D00000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 690586989 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\chrome-48[1].png Offset: unknown Length: 1834 Value: 89 50 4E 47 0D 0A 1A 0A 00 00 00 0D 49 48 44 52 00 00 00 30 00 00 00 30 08 03 00 00 00 60 DC 09 B5 00 00 02 FA 50 4C 54 45 FF FF FF F8 CD 0C EB B9 1D 33 85 40 E6 41 3A E4 38 34 D5 9C 28 E4 AF 22 DE 22 27 D1 20 23 EC 59 4B D1 96 2A 4B B5 49 42 A1 45 EE 63 52 3D 92 43 DC A4 27 3D 92 43 39 8C 42 E4 3B | success or wait | 690591025 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\mgyhp_sm[1].png Offset: unknown Length: 188 Value: 89 50 4E 47 0D 0A 1A 0A 00 00 00 0D 49 48 44 52 00 00 00 0E 00 00 00 0E 08 03 00 00 00 28 96 DD E3 00 00 00 84 50 4C 54 45 FF FF FF BA BD C0 BC CC DE CE D9 E7 DE E2 F2 C3 D3 E7 D3 DF ED C2 C8 CC E7 AB 54 DE 96 3D 49 49 52 E3 E7 F7 F1 F2 FC EC EC F7 E9 B9 5C 84 8C 93 D0 BB AB DA 93 52 5A 5B 7A DB 8E | success or wait | 690600684 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll Access: query and read Type: commit Baseaddress: 3D00000 Size: 4399104 Protection: readonly Mapped to pid: own pid | success or wait | 690601108 |
Thread resumed | TID: 2268 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 690604899 |
Section loaded | Path: \KnownDlls\ImgUtil.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 690628290 |
Section loaded | Path: C:\WINDOWS\system32\imgutil.dll Access: query and write and read and execute Type: image Baseaddress: 1B000000 Size: 49152 Protection: read write Mapped to pid: own pid | success or wait | 690629765 |
Thread resumed | TID: 2256 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 690645754 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll Access: query and read Type: commit Baseaddress: 4000000 Size: 4399104 Protection: readonly Mapped to pid: own pid | success or wait | 690651974 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll Access: query and read Type: commit Baseaddress: 4000000 Size: 4399104 Protection: readonly Mapped to pid: own pid | success or wait | 690681885 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 690736397 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll Access: query and read Type: commit Baseaddress: 4000000 Size: 4399104 Protection: readonly Mapped to pid: own pid | success or wait | 690753911 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 690757890 |
Section loaded | Path: C:\WINDOWS\system32\pngfilt.dll Access: write and read and execute Type: commit Baseaddress: 3CC0000 Size: 49152 Protection: execute Mapped to pid: own pid | success or wait | 690772735 |
Section loaded | Path: C:\WINDOWS\system32\pngfilt.dll Access: query and write and read and execute Type: image Baseaddress: 1B060000 Size: 57344 Protection: read write Mapped to pid: own pid | success or wait | 690801444 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 691221744 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\mgyhp_sm[1].png Offset: unknown Length: 143 Value: D8 66 00 00 00 75 49 44 41 54 78 5E 4D CE 55 12 83 40 0C 00 D0 D8 2A 4E DD DD EF 7F BF 66 A7 40 C9 57 DE 44 61 88 EB AE CF 26 61 0D EF CF 72 90 2F CB A6 E7 3E C9 87 66 33 D6 E9 52 2C C6 CA 8B EC 06 50 FF 25 F6 01 2E 3F FB B0 FA 89 A7 E0 32 91 5A C5 DB C8 E6 00 28 D6 B2 D6 5E 6D 34 4A 40 CB 46 3B 13 | success or wait | 691224165 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 691676371 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 691676580 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 4010000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 691677013 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\logo3w[1].png Offset: unknown Length: 187 Value: 89 50 4E 47 0D 0A 1A 0A 00 00 00 0D 49 48 44 52 00 00 01 13 00 00 00 5F 08 03 00 00 00 FC 9A D3 29 00 00 02 FD 50 4C 54 45 01 22 B2 19 1F AA 9F 05 21 B0 03 25 92 0E 24 C4 03 29 BD 0E 27 D2 0B 2C AC 18 28 90 21 2B C9 11 2D DE 0C 32 CC 16 29 D8 18 30 DD 17 2C E4 1A 36 E6 1B 31 A1 31 37 8F 36 3C 2C 49 | success or wait | 691684161 |
Thread resumed | TID: 2340 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 691919566 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\logo3w[1].png Offset: unknown Length: 3486 Value: 51 D7 5D 5C 95 70 6E B4 68 63 B5 71 22 CE 70 02 9F 78 49 DC 6E 00 F8 61 56 AE 80 40 F9 67 5F B5 7A 77 CD 7F 11 AA 7F 7C 79 89 B3 E3 7C 00 A0 87 5E BC 85 32 97 8B 79 C9 7C 7B A2 87 85 9D 8D 73 F9 74 69 C9 8A 1E E6 85 00 EF 7A 73 8A 95 AD 9C 93 90 5C AA 6E F0 8F 00 E7 91 08 71 9D EF BE 96 56 DF 89 86 | success or wait | 691928640 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\logo3w[1].png Offset: unknown Length: 498 Value: 84 E9 E4 11 87 EC 4D 89 6D 6B 03 49 12 C4 BE 3D 77 1D 50 56 05 CE 08 44 26 9E CF B1 72 6D 18 03 50 78 98 41 3F AC B5 66 B2 88 BD 95 75 DE 86 09 35 7B E0 23 F2 9A 23 0E E3 AC 6B 03 D7 29 4A 9D 36 B0 CC 32 33 09 04 7F F1 7E 5E AD 55 E1 D1 45 06 89 58 FA 27 C7 F2 53 62 63 63 31 35 26 2E DD 95 F3 E0 11 | success or wait | 691993533 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\logo3w[1].png Offset: unknown Length: 2836 Value: 35 35 FB F6 95 66 66 16 34 35 81 56 EA 73 4C 06 65 45 7B 31 75 A4 ED 8A 9F 1F 32 E1 79 7B 3F C7 8A 75 29 32 71 1F ED 32 6A 09 0E E9 EA E6 C8 A8 0D 51 91 54 90 65 BB E8 96 28 60 12 02 4C 2C 95 EC 8F 35 72 34 18 E9 13 36 57 89 37 E7 83 4C A6 D9 B4 EB 1C 99 94 AD A2 07 C9 F5 18 C4 79 80 89 B4 9E 82 82 | success or wait | 692029626 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 692343103 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 694117941 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 695414588 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 696536439 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 697686452 |
Section loaded | Path: \KnownDlls\cryptnet.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 698391625 |
Section loaded | Path: C:\WINDOWS\system32\cryptnet.dll Access: query and write and read and execute Type: image Baseaddress: 75E60000 Size: 77824 Protection: read write Mapped to pid: own pid | success or wait | 698717112 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 698769511 |
Section loaded | Path: \KnownDlls\WINHTTP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 698848437 |
Section loaded | Path: C:\WINDOWS\system32\winhttp.dll Access: query and write and read and execute Type: image Baseaddress: 4D4F0000 Size: 364544 Protection: read write Mapped to pid: own pid | success or wait | 698860436 |
Section loaded | Path: \KnownDlls\WLDAP32.dll Access: write and read and execute Type: unknown Baseaddress: 76F60000 Size: 180224 Protection: read write Mapped to pid: own pid | success or wait | 699071968 |
Process information queried | PID: 2948 Info Class: QuotaLimits | success or wait | 699644818 |
Process information queried | PID: 2948 Info Class: VmCounters | success or wait | 699646111 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 700913290 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 702013287 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 703593070 |
Thread resumed | TID: 3508 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 703800726 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 705029293 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 706207937 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 707741212 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 708860107 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 710173969 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 711245314 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 712364055 |
Thread resumed | TID: 3736 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 713188859 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 713509138 |
Thread resumed | TID: 3784 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 713536829 |
Thread delayed | Time: 0 TID: 3124 | success or wait | 714615761 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypeBrowserOptions.dll Access: query and read Type: commit Baseaddress: 4280000 Size: 495616 Protection: readonly Mapped to pid: own pid | success or wait | 731003777 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypeBrowserOptions.dll Access: query and read Type: commit Baseaddress: 4280000 Size: 495616 Protection: readonly Mapped to pid: own pid | success or wait | 731014031 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypeBrowserOptions.dll Access: query and read Type: commit Baseaddress: 4280000 Size: 495616 Protection: readonly Mapped to pid: own pid | success or wait | 731015414 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypeBrowserOptions.dll Access: query and read Type: commit Baseaddress: 4280000 Size: 495616 Protection: readonly Mapped to pid: own pid | success or wait | 731016969 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypeBrowserOptions.dll Access: query and read Type: commit Baseaddress: 4280000 Size: 495616 Protection: readonly Mapped to pid: own pid | success or wait | 731019533 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Access: query and read Type: commit Baseaddress: 4660000 Size: 1253376 Protection: readonly Mapped to pid: own pid | success or wait | 733228469 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Access: query and read Type: commit Baseaddress: 4660000 Size: 1253376 Protection: readonly Mapped to pid: own pid | success or wait | 733240217 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Access: query and read Type: commit Baseaddress: 4660000 Size: 1253376 Protection: readonly Mapped to pid: own pid | success or wait | 733241690 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Access: query and read Type: commit Baseaddress: 4660000 Size: 1253376 Protection: readonly Mapped to pid: own pid | success or wait | 733243495 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Access: query and read Type: commit Baseaddress: 4660000 Size: 1253376 Protection: readonly Mapped to pid: own pid | success or wait | 733246090 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe Access: query and read Type: commit Baseaddress: 4280000 Size: 106496 Protection: readonly Mapped to pid: own pid | success or wait | 733576308 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe Access: query and read Type: commit Baseaddress: 4280000 Size: 106496 Protection: readonly Mapped to pid: own pid | success or wait | 733586679 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe Access: query and read Type: commit Baseaddress: 4280000 Size: 106496 Protection: readonly Mapped to pid: own pid | success or wait | 733588134 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe Access: query and read Type: commit Baseaddress: 4280000 Size: 106496 Protection: readonly Mapped to pid: own pid | success or wait | 733589672 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe Access: query and read Type: commit Baseaddress: 4280000 Size: 106496 Protection: readonly Mapped to pid: own pid | success or wait | 733592189 |
Thread resumed | TID: 1628 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 734461810 |
Thread resumed | TID: 1300 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 734472673 |
Thread resumed | TID: 2008 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 734581820 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 734619434 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll Access: write and read and execute Type: commit Baseaddress: 4B60000 Size: 4399104 Protection: execute Mapped to pid: own pid | success or wait | 734625811 |
Section loaded | Path: C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll Access: query and write and read and execute Type: image Baseaddress: 4B60000 Size: 4407296 Protection: read write Mapped to pid: own pid | conflicting addresses | 734631237 |
Section loaded | Path: \NLS\NlsSectionCP1251 Access: read Type: unknown Baseaddress: 4330000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 735011817 |
Section loaded | Path: \NLS\NlsSectionCP1250 Access: read Type: unknown Baseaddress: 4350000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 735016306 |
Section loaded | Path: \NLS\NlsSectionCP1253 Access: read Type: unknown Baseaddress: 4540000 Size: 69632 Protection: readonly Mapped to pid: own pid | success or wait | 735021604 |
Section loaded | Path: C:\WINDOWS\system32\en-us\mshtml.dll.mui Access: query and read Type: commit Baseaddress: 4370000 Size: 12288 Protection: write copy Mapped to pid: own pid | success or wait | 735234317 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 735261655 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 735262213 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 735268289 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 735277946 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 735287234 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 735300685 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 735391795 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_MSHist012012012420120125_index.dat_32768 Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 735432299 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_MSHist012012012420120125_index.dat_32768 Access: query and write and read Type: commit Baseaddress: 50A0000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 735432963 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 50B0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 735482135 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 50B0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 735489451 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 50B0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 735499114 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 50B0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 735504232 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 50B0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 735523431 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 735535824 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 735567876 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 735594053 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 735602994 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 735604016 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 50B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 735605592 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 735621062 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 735622089 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 735628653 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 50B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 735636515 |
Section loaded | Path: \BaseNamedObjects\MSIMGSIZECacheMap Access: query and write and read and execute and extend size Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 735659468 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 735664116 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 735676264 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 735676762 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 50B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 735677787 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 735693549 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 735695755 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 50B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 735698832 |
Section loaded | Path: \BaseNamedObjects\MSIMGSIZECacheMap Access: query and write and read Type: commit Baseaddress: 51A0000 Size: 16384 Protection: read write Mapped to pid: own pid | success or wait | 735699528 |
Section loaded | Path: \KnownDlls\msi.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 735750447 |
Section loaded | Path: C:\WINDOWS\system32\msi.dll Access: query and write and read and execute Type: image Baseaddress: 7D1E0000 Size: 2867200 Protection: read write Mapped to pid: own pid | success or wait | 735758965 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 735788550 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 735810766 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 736231587 |
Section loaded | Path: C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL Access: write and read and execute Type: commit Baseaddress: 50B0000 Size: 368640 Protection: execute Mapped to pid: own pid | success or wait | 736240235 |
Section loaded | Path: C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL Access: query and write and read and execute Type: image Baseaddress: 50B0000 Size: 372736 Protection: read write Mapped to pid: own pid | conflicting addresses | 736250019 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 736329116 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM..KALFFB Access: query and write and read Type: commit Baseaddress: 5150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736614847 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 736627004 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 736630192 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 736631865 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 736640799 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 53F0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 736644153 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 736657828 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 736668112 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 53F0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 736669671 |
Section loaded | Path: \BaseNamedObjects\MSCTF.Shared.SFM.EMG Access: query and write and read and execute and extend size Type: unknown Baseaddress: 53F0000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 736728051 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.B.JCLFFB Access: query and write and read Type: commit Baseaddress: 5150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736729634 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.C.JCLFFB Access: query and write and read Type: commit Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736730704 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.D.JCLFFB Access: query and write and read Type: commit Baseaddress: 5170000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736737903 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.E.JCLFFB Access: query and write and read Type: commit Baseaddress: 5180000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736738938 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.F.JCLFFB Access: query and write and read Type: commit Baseaddress: 5190000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736739952 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.G.JCLFFB Access: query and write and read Type: commit Baseaddress: 5470000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736740975 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.H.JCLFFB Access: query and write and read Type: commit Baseaddress: 5480000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736745748 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.I.JDLFFB Access: query and write and read Type: commit Baseaddress: 5490000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736746828 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.J.JDLFFB Access: query and write and read Type: commit Baseaddress: 54A0000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736747862 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 736764775 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 736765738 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 736766893 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 736767271 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 54B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 736767940 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 736775489 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 736776793 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 54B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 736779633 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.K.IGLFFB Access: query and write and read Type: commit Baseaddress: 5150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 736943654 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.L.HJLFFB Access: query and write and read Type: commit Baseaddress: 5150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737082270 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.M.HJLFFB Access: query and write and read Type: commit Baseaddress: 5150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737104502 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.N.GKLFFB Access: query and write and read Type: commit Baseaddress: 5150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737153910 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.O.GKLFFB Access: query and write and read Type: commit Baseaddress: 5150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737178267 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.P.GLLFFB Access: query and write and read Type: commit Baseaddress: 5150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737212355 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.AB.GLLFFB Access: query and write and read Type: commit Baseaddress: 5150000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737235882 |
Section loaded | Path: C:\WINDOWS\system32\iepeers.dll Access: query and read Type: commit Baseaddress: 5150000 Size: 49152 Protection: readonly Mapped to pid: own pid | success or wait | 737679585 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.BB.DDMFFB Access: query and write and read Type: commit Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737683296 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AKM.CB.DEMFFB Access: query and write and read Type: commit Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737717678 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.AD.CFMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737785136 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.BD.CFMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737785626 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.CD.CFMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737786048 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.DD.CFMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737786465 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.ED.CFMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737786884 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.FD.CFMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737787301 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.GD.CFMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737787719 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.HD.CFMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737788539 |
Section loaded | Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMG.ID.CFMFFB Access: query and write and read and execute and extend size Type: unknown Baseaddress: 5160000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 737788961 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 738686713 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 738686889 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 52B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 738687265 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 186 | success or wait | 738689005 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 2338 | success or wait | 738876518 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 1554 | success or wait | 739288019 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 2338 | success or wait | 739368695 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 1776 | success or wait | 739739386 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 140 | success or wait | 739740001 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 2338 | success or wait | 739817997 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 1916 | success or wait | 740230801 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 2338 | success or wait | 740373725 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 996 | success or wait | 740774299 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 464 | success or wait | 740846469 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 3942 | success or wait | 740848860 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 3106 | success or wait | 741380947 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 1144 | success or wait | 741435089 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 274 | success or wait | 741437081 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 2836 | success or wait | 741592618 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 741976942 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 741977571 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 52B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 741978731 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\favicon[1].ico Offset: unknown Length: 184 | success or wait | 741985103 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png Offset: unknown Length: 1007 | success or wait | 742344426 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\favicon[1].ico Offset: unknown Length: 966 | success or wait | 742735240 |
Section loaded | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\favicon[1].ico Access: query and read Type: commit Baseaddress: 52B0000 Size: 4096 Protection: readonly Mapped to pid: own pid | success or wait | 742771615 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 749319438 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 749319932 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 52B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 749320957 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 30 | success or wait | 749329164 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749481514 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749484835 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 985 | success or wait | 749486906 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749489920 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749492075 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 598 | success or wait | 749494476 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749574583 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749576736 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 717 | success or wait | 749579628 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749583583 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749585702 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 967 | success or wait | 749587739 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749590755 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749592928 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 87 | success or wait | 749593767 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749844990 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 749847139 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 761 | success or wait | 749848918 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 750543203 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 750553488 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 376 | success or wait | 750555159 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1] Offset: unknown Length: 1024 | success or wait | 750566146 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 750568264 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 750568758 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 52B0000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 750569797 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 749 Value: 3D 66 75 6E 63 74 69 6F 6E 28 61 29 7B 76 61 72 20 62 3D 57 28 74 68 69 73 2C 61 29 3B 69 66 28 62 26 26 28 32 3D 3D 62 2E 61 7C 7C 33 3D 3D 62 2E 61 29 26 26 62 2E 69 73 45 6E 61 62 6C 65 64 28 29 26 26 21 62 2E 46 29 7B 74 72 79 7B 61 2E 73 68 28 29 7D 63 61 74 63 68 28 63 29 7B 53 63 28 63 2C 22 | success or wait | 752380092 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 1024 Value: 63 28 61 29 2C 61 2E 61 3D 33 29 7D 3B 6E 2E 63 62 3D 66 75 6E 63 74 69 6F 6E 28 61 29 7B 69 66 28 28 61 3D 57 28 74 68 69 73 2C 61 29 29 26 26 21 56 28 61 29 29 61 2E 46 3D 6D 7D 3B 6E 2E 61 62 3D 66 75 6E 63 74 69 6F 6E 28 61 29 7B 76 61 72 20 62 3D 57 28 74 68 69 73 2C 61 29 3B 69 66 28 62 26 26 | success or wait | 752383090 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 1024 Value: 76 61 72 20 62 64 3D 5B 22 78 65 63 22 2C 22 63 6C 6B 63 22 2C 22 78 63 22 5D 2C 63 64 3D 66 75 6E 63 74 69 6F 6E 28 29 7B 74 68 69 73 2E 66 3D 74 68 69 73 2E 4F 3D 6C 7D 2C 64 64 3D 66 75 6E 63 74 69 6F 6E 28 61 2C 62 2C 63 29 7B 76 61 72 20 64 3D 61 2E 66 5B 62 5D 2C 61 3D 61 2E 4F 5B 62 5D 3B 64 | success or wait | 752385223 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 575 Value: 3D 6B 2C 66 3D 48 2E 77 67 2E 72 67 2C 67 3B 66 6F 72 28 67 20 69 6E 20 66 29 7B 76 61 72 20 68 3D 66 5B 67 5D 3B 69 66 28 66 64 28 68 29 26 26 21 68 2E 77 2E 66 29 7B 63 3D 6D 3B 62 72 65 61 6B 7D 7D 63 26 26 28 6D 64 28 29 2C 70 64 28 29 29 7D 63 61 74 63 68 28 6A 29 7B 42 28 6A 2C 22 77 6D 22 2C | success or wait | 752386752 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 1024 Value: 7D 29 3B 76 61 72 20 75 64 3D 66 75 6E 63 74 69 6F 6E 28 29 7B 74 68 69 73 2E 43 61 3D 6D 3B 74 68 69 73 2E 43 61 7C 7C 28 4C 28 77 69 6E 64 6F 77 2C 22 72 65 73 69 7A 65 22 2C 76 28 74 68 69 73 2E 46 62 2C 74 68 69 73 29 2C 6B 29 2C 74 68 69 73 2E 43 61 3D 6B 29 7D 3B 75 64 2E 70 72 6F 74 6F 74 79 | success or wait | 752389778 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 1024 Value: 62 71 66 71 77 22 29 3B 64 6F 63 75 6D 65 6E 74 2E 61 63 74 69 76 65 45 6C 65 6D 65 6E 74 3D 3D 64 6F 63 75 6D 65 6E 74 2E 67 65 74 45 6C 65 6D 65 6E 74 42 79 49 64 28 22 67 62 71 66 71 22 29 26 26 74 68 69 73 2E 50 28 61 29 7D 61 3D 76 28 74 68 69 73 2E 70 62 2C 74 68 69 73 29 3B 71 28 22 67 62 61 | success or wait | 752393576 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 266 Value: 6D 6F 76 65 43 68 69 6C 64 28 62 29 3B 6D 62 28 61 2C 63 29 7D 2C 43 64 3D 66 75 6E 63 74 69 6F 6E 28 61 29 7B 76 61 72 20 62 3D 61 2E 74 61 72 67 65 74 7C 7C 61 2E 73 72 63 45 6C 65 6D 65 6E 74 3B 0A 33 3D 3D 62 2E 6E 6F 64 65 54 79 70 65 26 26 28 62 3D 62 2E 70 61 72 65 6E 74 4E 6F 64 65 29 3B 69 | success or wait | 752394682 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 1024 Value: 3D 69 29 7D 2C 7A 64 3D 66 75 6E 63 74 69 6F 6E 28 61 29 7B 76 61 72 20 62 3D 64 6F 63 75 6D 65 6E 74 2E 67 65 74 45 6C 65 6D 65 6E 74 42 79 49 64 28 22 67 62 62 62 62 22 29 2E 73 74 79 6C 65 3B 61 3F 28 62 2E 57 65 62 6B 69 74 54 72 61 6E 73 69 74 69 6F 6E 3D 22 6F 70 61 63 69 74 79 20 31 73 2C 20 | success or wait | 752592445 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 1024 Value: 41 64 2C 69 29 3B 0A 49 28 22 62 75 62 22 2C 7B 69 6E 69 74 3A 66 75 6E 63 74 69 6F 6E 28 29 7B 76 61 72 20 61 3D 64 6F 63 75 6D 65 6E 74 2E 67 65 74 45 6C 65 6D 65 6E 74 42 79 49 64 28 22 67 62 62 62 62 22 29 2E 73 74 79 6C 65 3B 61 2E 57 65 62 6B 69 74 42 6F 72 64 65 72 52 61 64 69 75 73 3D 61 2E | success or wait | 752594582 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 1024 Value: 29 3B 66 2E 61 70 70 65 6E 64 43 68 69 6C 64 28 67 29 7D 7D 7D 63 61 74 63 68 28 68 29 7B 42 28 68 2C 22 74 22 2C 22 74 73 6C 22 29 7D 7D 3B 0A 46 64 2E 70 72 6F 74 6F 74 79 70 65 2E 4B 62 3D 66 75 6E 63 74 69 6F 6E 28 61 29 7B 74 72 79 7B 76 61 72 20 62 3D 22 22 2C 63 3D 22 22 3B 73 77 69 74 63 68 | success or wait | 752596821 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 68 Value: 74 69 6F 6E 28 61 2C 62 2C 63 29 7B 74 68 69 73 2E 51 3D 22 22 2B 61 3B 22 70 22 21 3D 74 68 69 73 2E 51 2E 63 68 61 72 41 74 28 30 29 26 26 28 74 68 69 73 2E 51 3D 22 70 22 2B 74 68 69 73 2E 51 29 3B 0A | success or wait | 752597636 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 1024 Value: 74 68 69 73 2E 73 62 3D 62 3B 74 68 69 73 2E 71 62 3D 63 3B 74 68 69 73 2E 66 61 3D 4D 61 74 68 2E 66 6C 6F 6F 72 28 39 45 35 2A 4D 61 74 68 2E 72 61 6E 64 6F 6D 28 29 29 3B 74 68 69 73 2E 66 61 2B 3D 31 45 35 3B 74 68 69 73 2E 72 61 3D 66 75 6E 63 74 69 6F 6E 28 29 7B 72 65 74 75 72 6E 5B 74 68 69 | success or wait | 752600652 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 1024 Value: 64 5D 29 72 65 74 75 72 6E 20 63 2E 73 6C 69 63 65 28 65 29 2E 6A 6F 69 6E 28 22 2E 22 29 3B 72 65 74 75 72 6E 20 62 7D 3B 76 61 72 20 53 64 3D 66 75 6E 63 74 69 6F 6E 28 61 29 7B 74 68 69 73 2E 41 61 3D 61 3B 74 68 69 73 2E 47 3D 22 2F 22 7D 2C 54 64 3D 7B 6E 61 6D 65 3A 22 4F 47 50 45 52 4D 22 2C | success or wait | 752602785 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js Offset: unknown Length: 398 Value: 2C 64 3D 30 3B 64 3C 61 2E 6C 65 6E 67 74 68 3B 64 2B 2B 29 7B 76 61 72 20 65 3D 61 5B 64 5D 3B 65 21 3D 63 26 26 62 2E 70 75 73 68 28 65 29 3B 63 3D 65 7D 72 65 74 75 72 6E 20 62 7D 2C 68 65 3D 66 75 6E 63 74 69 6F 6E 28 29 7B 76 61 72 20 61 3B 69 66 28 28 61 3D 4F 62 6A 65 63 74 2E 63 72 65 61 74 | success or wait | 752604065 |
Section loaded | Path: \BaseNamedObjects\DfRoot00015B2BF Access: query and write and read Type: commit Baseaddress: 5170000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 759561352 |
Section loaded | Path: \KnownDlls\XmlLite.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 759562797 |
Section loaded | Path: C:\WINDOWS\system32\xmllite.dll Access: query and write and read and execute Type: image Baseaddress: 47060000 Size: 135168 Protection: read write Mapped to pid: own pid | success or wait | 759564011 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 759593517 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 759611512 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 759612436 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 759613535 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 759613892 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6690000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 759614454 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 759620550 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 759620905 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6690000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 759621470 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 759727700 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 759728619 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 759729702 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 759730060 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6690000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 759730619 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 759786625 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 759787001 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6690000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 759787470 |
Thread resumed | TID: 2316 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 759873519 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 759893826 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 759894757 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 759895880 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 759896244 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6890000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 759896808 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 759903561 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 759903918 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6890000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 759904470 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 760041888 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 760042814 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 760043918 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 760044277 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6890000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 760044845 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 760050638 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 760050990 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6890000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 760051540 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Application Data_Microsoft_Internet Explorer_DOMStore_index.dat_16384 Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 760378915 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Application Data_Microsoft_Internet Explorer_DOMStore_index.dat_16384 Access: query and write and read Type: commit Baseaddress: 5180000 Size: 16384 Protection: read write Mapped to pid: own pid | success or wait | 760379333 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 760441899 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 5190000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 760444388 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Application Data_Microsoft_Internet Explorer_DOMStore_index.dat_32768 Access: write Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown | object name not found | 760454367 |
Section loaded | Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Application Data_Microsoft_Internet Explorer_DOMStore_index.dat_32768 Access: query and write and read Type: commit Baseaddress: 5180000 Size: 32768 Protection: read write Mapped to pid: own pid | success or wait | 760454781 |
Thread resumed | TID: 2380 PID: 2948 Path: C:\Program Files\Internet Explorer\iexplore.exe | success or wait | 760519966 |
Section loaded | Path: C:\WINDOWS\system32\en-us\jscript.dll.mui Access: query and read Type: commit Baseaddress: 5190000 Size: 16384 Protection: write copy Mapped to pid: own pid | success or wait | 760526843 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 760541550 |
Process information queried | PID: 1728 Info Class: BasicInformation | success or wait | 760676760 |
Section loaded | Path: \BaseNamedObjects\MSCTF.Shared.SFM.AKM Access: query and write and read Type: reserve Baseaddress: 52C0000 Size: 524288 Protection: read write Mapped to pid: own pid | success or wait | 760677199 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 760698320 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 760698495 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6990000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 760698915 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png Offset: unknown Length: 174 | success or wait | 760730396 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 760730865 |
Key value queried | Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer Name: Version | success or wait | 760731795 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 760734073 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 760735104 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6990000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 760736727 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 760753910 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 760754929 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6990000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 760756480 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png Offset: unknown Length: 2338 | success or wait | 760865073 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png Offset: unknown Length: 3500 | success or wait | 761017516 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png Offset: unknown Length: 920 | success or wait | 761060077 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png Offset: unknown Length: 1260 | success or wait | 761147360 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png Offset: unknown Length: 498 | success or wait | 761149558 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png Offset: unknown Length: 1916 | success or wait | 761295801 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png Offset: unknown Length: 2338 | success or wait | 761352540 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png Offset: unknown Length: 2186 | success or wait | 761396983 |
Process information queried | PID: 1728 Info Class: BasicInformation | success or wait | 761411103 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 761473089 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 761473584 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6990000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 761474628 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 46 | success or wait | 761491750 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 761525617 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 761626695 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 761676854 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 761717717 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 761838804 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 761876959 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761918324 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761921702 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 24 | success or wait | 761922465 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 761930305 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761953311 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761955475 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761958475 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 363 | success or wait | 761959985 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761963092 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761965213 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761967363 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 823 | success or wait | 761970744 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761973746 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761975840 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761977959 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 | success or wait | 761980103 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 718 Value: 64 73 62 20 63 69 74 65 2C 64 69 76 23 74 61 64 73 62 20 63 69 74 65 20 61 3A 6C 69 6E 6B 2C 64 69 76 23 74 61 64 73 62 20 63 69 74 65 20 61 3A 76 69 73 69 74 65 64 2C 64 69 76 23 74 61 64 73 62 20 2E 63 69 74 65 2C 64 69 76 23 74 61 64 73 62 20 2E 63 69 74 65 3A 6C 69 6E 6B 2C 64 69 76 23 74 61 64 | success or wait | 761982031 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 Value: 3B 6D 61 72 67 69 6E 2D 6C 65 66 74 3A 30 70 78 3B 7D 2E 62 69 6C 69 72 20 7B 6D 61 72 67 69 6E 3A 30 70 78 20 30 70 78 20 36 70 78 20 30 70 78 3B 7D 2E 62 69 61 20 7B 64 69 73 70 6C 61 79 3A 62 6C 6F 63 6B 3B 7D 2E 72 67 5F 69 6C 2C 2E 72 67 5F 69 6C 62 67 2C 2E 72 67 5F 69 6C 73 7B 62 6F 74 74 6F | success or wait | 761990937 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 Value: 3A 30 3B 62 6F 72 64 65 72 2D 63 6F 6C 6C 61 70 73 65 3A 63 6F 6C 6C 61 70 73 65 3B 62 6F 72 64 65 72 2D 73 74 79 6C 65 3A 68 69 64 64 65 6E 3B 6D 61 72 67 69 6E 3A 32 70 78 20 30 20 30 7D 74 61 62 6C 65 2E 74 73 6E 69 70 20 74 64 2C 74 61 62 6C 65 2E 74 73 6E 69 70 20 74 68 7B 70 61 64 64 69 6E 67 | success or wait | 761993033 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 759 Value: 2D 6C 65 66 74 3A 37 31 32 70 78 3B 70 61 64 64 69 6E 67 2D 62 6F 74 74 6F 6D 3A 31 30 70 78 3B 70 6F 73 69 74 69 6F 6E 3A 61 62 73 6F 6C 75 74 65 3B 72 69 67 68 74 3A 30 3B 74 6F 70 3A 30 3B 6D 69 6E 2D 77 69 64 74 68 3A 32 36 38 70 78 3B 6F 76 65 72 66 6C 6F 77 3A 68 69 64 64 65 6E 3B 7D 23 6E 79 | success or wait | 761994887 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 Value: 6E 6F 6E 65 21 69 6D 70 6F 72 74 61 6E 74 3B 64 69 73 70 6C 61 79 3A 6E 6F 6E 65 21 69 6D 70 6F 72 74 61 6E 74 7D 2E 72 68 73 74 63 35 20 2E 72 68 73 6C 35 2C 2E 72 68 73 74 63 35 20 2E 72 68 73 6C 34 2C 2E 72 68 73 74 63 34 20 2E 72 68 73 6C 34 7B 62 61 63 6B 67 72 6F 75 6E 64 3A 6E 6F 6E 65 21 69 | success or wait | 762023609 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 1024 Value: 6F 73 69 74 69 6F 6E 3A 61 62 73 6F 6C 75 74 65 3B 74 6F 70 3A 35 30 25 3B 76 69 73 69 62 69 6C 69 74 79 3A 68 69 64 64 65 6E 3B 77 69 64 74 68 3A 31 35 70 78 7D 2E 76 73 68 20 2E 76 73 63 3A 68 6F 76 65 72 20 2E 76 73 70 69 69 20 2E 76 73 70 69 69 63 7B 76 69 73 69 62 69 6C 69 74 79 3A 76 69 73 69 | success or wait | 762024263 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js Offset: unknown Length: 452 Value: 65 72 20 2E 76 73 70 69 69 2C 2E 76 73 74 61 2E 76 73 6F 20 2E 76 73 70 69 69 7B 62 61 63 6B 67 72 6F 75 6E 64 2D 63 6F 6C 6F 72 3A 23 66 66 66 62 66 32 3B 62 6F 72 64 65 72 2D 63 6F 6C 6F 72 3A 23 66 65 63 3B 7D 2E 76 73 68 2E 6E 79 63 5F 6F 70 65 6E 69 6E 67 20 2E 76 73 63 61 2E 76 73 63 3A 68 6F | success or wait | 762026098 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 762034498 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 762071206 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 762146781 |
Process information queried | PID: 2948 Info Class: Wow64Information | success or wait | 762202375 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 762202870 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6990000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 762203915 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\tia[1].png Offset: unknown Length: 188 Value: 89 50 4E 47 0D 0A 1A 0A 00 00 00 0D 49 48 44 52 00 00 00 1B 00 00 00 17 08 02 00 00 00 75 74 A3 79 00 00 00 01 73 52 47 42 00 AE CE 1C E9 00 00 00 04 67 41 4D 41 00 00 B1 8F 0B FC 61 05 00 00 00 20 63 48 52 4D 00 00 7A 26 00 00 80 84 00 00 FA 00 00 00 80 E8 00 00 75 30 00 00 EA 60 00 00 3A 98 00 00 | success or wait | 762209128 |
File opened | Path: C:\WINDOWS\system32\wininet.dll Access: synchronize and generic read Options: synchronous io non alert and non directory file and random access Overwritten: false | success or wait | 762357917 |
Section loaded | Path: C:\WINDOWS\system32\wininet.dll Access: query and write and read and execute and extend size Type: image Baseaddress: 6990000 Size: 942080 Protection: readonly Mapped to pid: own pid | image not at base | 762359469 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\swxa[1].gif Offset: unknown Length: 5223 Value: 47 49 46 38 39 61 78 00 41 00 A2 00 00 FF FF FF F1 F1 F1 E2 E2 E2 D2 D2 D2 FE 01 02 00 00 00 00 00 00 00 00 00 21 F9 04 04 01 00 FF 00 2C 00 00 00 00 78 00 41 00 00 03 65 08 BA DC FE 30 CA 49 AB BD 38 EB CD BB FF 60 28 8E 64 69 9E 68 AA AE 6C EB BE 70 2C CF 74 6D DF 78 AE EF 7C EF FF C0 A0 70 48 2C | success or wait | 762378622 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 762384795 |
File write | Path: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\tia[1].png Offset: unknown Length: 199 Value: 1A 8E 80 E2 70 43 D1 4D 5C B2 F3 7C D9 D4 ED C0 14 0A 04 4D F3 F6 12 64 00 15 00 CD 4D 6A 59 8D 6E E2 3B 18 20 CF 44 9F E2 F9 70 13 A0 6E 44 36 31 B9 6D 1D D0 75 C4 23 A0 1B 09 9B 08 F1 2C 91 1E C7 6E E2 63 18 00 FA 1A E8 46 32 4C 84 9B 00 F5 35 9A 89 C4 7B 19 A8 12 E2 46 9C 26 36 CF DA 02 77 23 3C | success or wait | 762751062 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 762752917 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 762771002 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 762794293 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 762814631 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763079381 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763097137 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763111333 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763123096 |
Process information queried | PID: 2948 Info Class: DeviceMap | success or wait | 763132454 |
Section loaded | Path: unknown Access: query and write and read Type: commit Baseaddress: 5810000 Size: 4096 Protection: read write Mapped to pid: own pid | success or wait | 763132850 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 763140867 |
Process information queried | PID: 2948 Info Class: SessionInformation | success or wait | 763201964 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763262161 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763275462 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763287404 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763338265 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763350086 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763364305 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763379530 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763393138 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763404420 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763420018 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763432567 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763444273 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763459064 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763473290 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763488472 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763503219 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763516279 |
Section loaded | Path: C:\WINDOWS\system32\mshtml.tlb Access: query and read Type: commit Baseaddress: 6990000 Size: 1642496 Protection: readonly Mapped to pid: own pid | success or wait | 763527571 |
Mutant created | Name: \BaseNamedObjects\ofjwkwufhdjfgki | object name exists | 775618351 |
File opened | Path: \pipe\globpluginspipe Access: read attributes and synchronize and generic read Options: synchronous io non alert and non directory file Attributes: none Content Overwritten: true | success or wait | 775619015 |
File read | Path: \globpluginspipe Offset: unknown Length: 4 Value: 41 0C 02 00 | success or wait | 775619546 |
File read | Path: \globpluginspipe Offset: unknown Length: 134209 Value: 67 6C 6F 62 70 6C 75 67 69 6E 73 00 04 00 00 00 72 73 74 5F 31 5F 31 00 00 0C 02 00 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 0E 1F BA 0E 00 B4 09 CD | success or wait | 775630855 |