
Tofsee spambot

a guest
Jul 2nd, 2018
  1. Process
  2. Time of Day Name PID Operation Path Result Detail
  3. Parent PID: 476, Command line: "C:\Users\hackbox\Music\
  4. C:\Users\hackbox\Music\unpacked\, Environment:
  5. ; =::=::\
  6. ; ALLUSERSPROFILE=C:\ProgramData
  7. ; APPDATA=C:\Users\hackbox\AppData\Roaming
  8. ; CommonProgramFiles=C:\Program Files\Common Files
  9. ; COMPUTERNAME=HACKBOX-PC
  10. ; ComSpec=C:\Windows\system32\cmd.exe
  11. ; FP_NO_HOST_CHECK=NO
  12. ; HOMEDRIVE=C:
  13. ; HOMEPATH=\Users\hackbox
  14. ; LOCALAPPDATA=C:\Users\hackbox\AppData\Local
  15. ; LOGONSERVER=\\HACKBOX-PC
  16. ; NUMBER_OF_PROCESSORS=2
  17. ; OS=Windows_NT
  18. ;
  19. Path=C:\Windows\system32;C:\Windows;C:\Windows\Syst
  20. ; PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.
  21. ; PROCESSOR_ARCHITECTURE=x86
  22. ; PROCESSOR_IDENTIFIER=x86 Family 6 Model 44 Step
  23. ; PROCESSOR_LEVEL=6
  24. ; PROCESSOR_REVISION=2c01
  25. ; ProgramData=C:\ProgramData
  26. ; ProgramFiles=C:\Program Files
  27. ; PSModulePath=C:\Windows\system32\WindowsPowerSh
  28. ; PUBLIC=C:\Users\Public
  29. ; SESSIONNAME=Console
  30. ; SystemDrive=C:
  31. ; SystemRoot=C:\Windows
  32. ; TEMP=C:\Users\hackbox\AppData\Local\Temp
  33. ; TMP=C:\Users\hackbox\AppData\Local\Temp
  34. ; USERDOMAIN=hackbox-PC
  35. ; USERNAME=hackbox
  36. ; USERPROFILE=C:\Users\hackbox
  37. ; windir=C:\Windows
  38. 2:48:03.0868668 ; windows_tracing_flags=3
  39. PM unpacked.exe3456Process Start SUCCESS ; windows_tracing_logfile=C:\BVTBin\Tests\installpackage\c
  40. 2:48:03.0868688
  41. PM unpacked.exe3456Thread Create SUCCESS Thread ID: 2560
  42. 2:48:03.0963196
  43. PM unpacked.exe3456Load Image C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS Image Base: 0x400000, Image Size: 0x12000
  44. 2:48:03.0982563
  45. PM unpacked.exe3456Load Image C:\Windows\System32\ntdll.dll SUCCESS Image Base: 0x77b80000, Image Size: 0x13c000
  46. 2:48:03.0984246 Desired Access: Generic Read, Disposition: Open, Options
  47. PM unpacked.exe3456CreateFile C:\Windows\Prefetch\UNPACKED.EXE-D6A8C3AC.pf NAME NOT FOUND AllocationSize: n/a
  48. 2:48:03.0985053
  49. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Session Manager REPARSE Desired Access: Read
  50. 2:48:03.0985175
  51. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Desired Access: Read
  52. 2:48:03.0985315
  53. PM unpacked.exe3456RegQueryValue HKLM\System\CurrentControlSet\Control\Session Manager\CWDIllegalInDLLSearch NAME NOT FOUND Length: 1,024
  54. 2:48:03.0985384
  55. PM unpacked.exe3456RegCloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
  56. 2:48:03.0986781 Desired Access: Execute/Traverse, Synchronize, Dispositio
  57. PM unpacked.exe3456CreateFile C:\Users\hackbox\Music\unpacked SUCCESS Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a
  58. 2:48:03.0988453
  59. PM unpacked.exe3456Load Image C:\Windows\System32\kernel32.dll SUCCESS Image Base: 0x778a0000, Image Size: 0xd4000
  60. 2:48:03.0991404
  61. PM unpacked.exe3456Load Image C:\Windows\System32\KernelBase.dll SUCCESS Image Base: 0x75d50000, Image Size: 0x4a000
  62. 2:48:03.1012381
  63. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Terminal Server REPARSE Desired Access: Read
  64. 2:48:03.1012505
  65. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Desired Access: Read
  66. 2:48:03.1012616
  67. PM unpacked.exe3456RegQueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat NAME NOT FOUND Length: 548
  68. 2:48:03.1012667
  69. PM unpacked.exe3456RegQueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled SUCCESS Type: REG_DWORD, Length: 4, Data: 0
  70. 2:48:03.1012719
  71. PM unpacked.exe3456RegCloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
  72. 2:48:03.1012869
  73. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Option REPARSE Desired Access: Query Value, Set Value
  74. 2:48:03.1012941
  75. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Option NAME NOT FOUND Desired Access: Query Value, Set Value
  76. 2:48:03.1013018
  77. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Srp\GP\DLL REPARSE Desired Access: Read
  78. 2:48:03.1013083
  79. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Srp\GP\DLL NAME NOT FOUND Desired Access: Read
  80. 2:48:03.1013154
  81. PM unpacked.exe3456RegOpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers SUCCESS Desired Access: Query Value
  82. 2:48:03.1013281
  83. PM unpacked.exe3456RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled NAME NOT FOUND Length: 80
  84. 2:48:03.1013323
  85. PM unpacked.exe3456RegCloseKey HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers SUCCESS
  86. 2:48:03.1013450
  87. PM unpacked.exe3456RegOpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers NAME NOT FOUND Desired Access: Query Value
  88. 2:48:03.1014923
  89. PM unpacked.exe3456Load Image C:\Windows\System32\ws2_32.dll SUCCESS Image Base: 0x77d10000, Image Size: 0x35000
  90. 2:48:03.1016319
  91. PM unpacked.exe3456Load Image C:\Windows\System32\msvcrt.dll SUCCESS Image Base: 0x76720000, Image Size: 0xac000
  92. 2:48:03.1019505
  93. PM unpacked.exe3456Load Image C:\Windows\System32\rpcrt4.dll SUCCESS Image Base: 0x76670000, Image Size: 0xa1000
  94. 2:48:03.1021554
  95. PM unpacked.exe3456Load Image C:\Windows\System32\nsi.dll SUCCESS Image Base: 0x77d00000, Image Size: 0x6000
  96. 2:48:03.1023824 Desired Access: Read Attributes, Disposition: Open, Option
  97. PM unpacked.exe3456CreateFile C:\Users\hackbox\Music\unpacked\dbghelp.dll NAME NOT FOUND Write, Delete, AllocationSize: n/a
  98. 2:48:03.1025221 Desired Access: Read Attributes, Disposition: Open, Option
  99. PM unpacked.exe3456CreateFile C:\Windows\System32\dbghelp.dll SUCCESS Write, Delete, AllocationSize: n/a, OpenResult: Opened
  100. 2:48:03.1026246 CreationTime: 11/21/2010 2:59:12 AM, LastAccessTime: 11
  101. PM unpacked.exe3456QueryBasicInformationFile C:\Windows\System32\dbghelp.dll SUCCESS ChangeTime: 6/30/2018 5:09:17 AM, FileAttributes: A
  102. 2:48:03.1026289
  103. PM unpacked.exe3456CloseFile C:\Windows\System32\dbghelp.dll SUCCESS
  104. 2:48:03.1027141 Desired Access: Read Data/List Directory, Execute/Travers
  105. PM unpacked.exe3456CreateFile C:\Windows\System32\dbghelp.dll SUCCESS Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: R
  106. 2:48:03.1027927 FILE LOCKED WITH
  107. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\dbghelp.dll ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE
  108. 2:48:03.1028249
  109. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\dbghelp.dll SUCCESS SyncType: SyncTypeOther
  110. 2:48:03.1029163
  111. PM unpacked.exe3456Load Image C:\Windows\System32\dbghelp.dll SUCCESS Image Base: 0x6cd80000, Image Size: 0xeb000
  112. 2:48:03.1029271
  113. PM unpacked.exe3456CloseFile C:\Windows\System32\dbghelp.dll SUCCESS
  114. 2:48:03.1031051
  115. PM unpacked.exe3456Load Image C:\Windows\System32\user32.dll SUCCESS Image Base: 0x76ae0000, Image Size: 0xc9000
  116. 2:48:03.1032307
  117. PM unpacked.exe3456Load Image C:\Windows\System32\gdi32.dll SUCCESS Image Base: 0x76320000, Image Size: 0x4e000
  118. 2:48:03.1033268
  119. PM unpacked.exe3456Load Image C:\Windows\System32\lpk.dll SUCCESS Image Base: 0x762f0000, Image Size: 0xa000
  120. 2:48:03.1034539
  121. PM unpacked.exe3456Load Image C:\Windows\System32\usp10.dll SUCCESS Image Base: 0x76bb0000, Image Size: 0x9d000
  122. 2:48:03.1035599
  123. PM unpacked.exe3456Load Image C:\Windows\System32\advapi32.dll SUCCESS Image Base: 0x75fd0000, Image Size: 0xa0000
  124. 2:48:03.1037262 Desired Access: Read Attributes, Disposition: Open, Option
  125. PM unpacked.exe3456CreateFile C:\Windows\System32\sechost.dll SUCCESS Write, Delete, AllocationSize: n/a, OpenResult: Opened
  126. 2:48:03.1037969 CreationTime: 7/14/2009 4:41:59 AM, LastAccessTime: 7/14
  127. PM unpacked.exe3456QueryBasicInformationFile C:\Windows\System32\sechost.dll SUCCESS ChangeTime: 6/30/2018 5:09:52 AM, FileAttributes: A
  128. 2:48:03.1038014
  129. PM unpacked.exe3456CloseFile C:\Windows\System32\sechost.dll SUCCESS
  130. 2:48:03.1038682 Desired Access: Read Data/List Directory, Execute/Travers
  131. PM unpacked.exe3456CreateFile C:\Windows\System32\sechost.dll SUCCESS Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: R
  132. 2:48:03.1039353 FILE LOCKED WITH
  133. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\sechost.dll ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE
  134. 2:48:03.1039548
  135. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\sechost.dll SUCCESS SyncType: SyncTypeOther
  136. 2:48:03.1040322
  137. PM unpacked.exe3456Load Image C:\Windows\System32\sechost.dll SUCCESS Image Base: 0x768d0000, Image Size: 0x19000
  138. 2:48:03.1040428
  139. PM unpacked.exe3456CloseFile C:\Windows\System32\sechost.dll SUCCESS
  140. 2:48:03.1042860
  141. PM unpacked.exe3456Load Image C:\Windows\System32\shell32.dll SUCCESS Image Base: 0x76c50000, Image Size: 0xc4a000
  142. 2:48:03.1048389
  143. PM unpacked.exe3456Load Image C:\Windows\System32\shlwapi.dll SUCCESS Image Base: 0x77d50000, Image Size: 0x57000
  144. 2:48:03.1049907
  145. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions REPARSE Desired Access: Read
  146. 2:48:03.1050023
  147. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions SUCCESS Desired Access: Read
  148. 2:48:03.1050171
  149. PM unpacked.exe3456RegQueryValue HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default) SUCCESS Type: REG_SZ, Length: 36, Data: 00060101.00060101
  150. 2:48:03.1052328
  151. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Session Manager REPARSE Desired Access: Query Value
  152. 2:48:03.1052419
  153. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Desired Access: Query Value
  154. 2:48:03.1052503
  155. PM unpacked.exe3456RegQueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NAME NOT FOUND Length: 16
  156. 2:48:03.1055695 Desired Access: Read Attributes, Disposition: Open, Option
  157. PM unpacked.exe3456CreateFile C:\Windows\System32\imm32.dll SUCCESS Write, Delete, AllocationSize: n/a, OpenResult: Opened
  158. 2:48:03.1056467 CreationTime: 11/21/2010 2:59:20 AM, LastAccessTime: 11
  159. PM unpacked.exe3456QueryBasicInformationFile C:\Windows\System32\imm32.dll SUCCESS ChangeTime: 6/30/2018 5:09:22 AM, FileAttributes: A
  160. 2:48:03.1056513
  161. PM unpacked.exe3456CloseFile C:\Windows\System32\imm32.dll SUCCESS
  162. 2:48:03.1057424 Desired Access: Read Data/List Directory, Synchronize, Dis
  163. PM unpacked.exe3456CreateFile C:\Windows\System32\imm32.dll SUCCESS Directory File, Attributes: n/a, ShareMode: Read, Delete, Allo
  164. 2:48:03.1058415 FILE LOCKED WITH
  165. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\imm32.dll ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE
  166. 2:48:03.1058462
  167. PM unpacked.exe3456QueryStandardInformationFileC:\Windows\System32\imm32.dll SUCCESS AllocationSize: 118,784, EndOfFile: 118,272, NumberOfLink
  168. 2:48:03.1058556
  169. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\imm32.dll SUCCESS SyncType: SyncTypeOther
  170. 2:48:03.1058843
  171. PM unpacked.exe3456CloseFile C:\Windows\System32\imm32.dll SUCCESS
  172. 2:48:03.1060436 Desired Access: Read Attributes, Disposition: Open, Option
  173. PM unpacked.exe3456CreateFile C:\Windows\System32\imm32.dll SUCCESS Write, Delete, AllocationSize: n/a, OpenResult: Opened
  174. 2:48:03.1061153 CreationTime: 11/21/2010 2:59:20 AM, LastAccessTime: 11
  175. PM unpacked.exe3456QueryBasicInformationFile C:\Windows\System32\imm32.dll SUCCESS ChangeTime: 6/30/2018 5:09:22 AM, FileAttributes: A
  176. 2:48:03.1061196
  177. PM unpacked.exe3456CloseFile C:\Windows\System32\imm32.dll SUCCESS
  178. 2:48:03.1062275 Desired Access: Read Data/List Directory, Synchronize, Dis
  179. PM unpacked.exe3456CreateFile C:\Windows\System32\imm32.dll SUCCESS Directory File, Attributes: n/a, ShareMode: Read, Delete, Allo
  180. 2:48:03.1063070 FILE LOCKED WITH
  181. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\imm32.dll ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE
  182. 2:48:03.1063109
  183. PM unpacked.exe3456QueryStandardInformationFileC:\Windows\System32\imm32.dll SUCCESS AllocationSize: 118,784, EndOfFile: 118,272, NumberOfLink
  184. 2:48:03.1063208
  185. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\imm32.dll SUCCESS SyncType: SyncTypeOther
  186. 2:48:03.1063430
  187. PM unpacked.exe3456CloseFile C:\Windows\System32\imm32.dll SUCCESS
  188. 2:48:03.1064779 Desired Access: Read Attributes, Disposition: Open, Option
  189. PM unpacked.exe3456CreateFile C:\Windows\System32\imm32.dll SUCCESS Write, Delete, AllocationSize: n/a, OpenResult: Opened
  190. 2:48:03.1065700 CreationTime: 11/21/2010 2:59:20 AM, LastAccessTime: 11
  191. PM unpacked.exe3456QueryBasicInformationFile C:\Windows\System32\imm32.dll SUCCESS ChangeTime: 6/30/2018 5:09:22 AM, FileAttributes: A
  192. 2:48:03.1065740
  193. PM unpacked.exe3456CloseFile C:\Windows\System32\imm32.dll SUCCESS
  194. 2:48:03.1066460 Desired Access: Read Data/List Directory, Execute/Travers
  195. PM unpacked.exe3456CreateFile C:\Windows\System32\imm32.dll SUCCESS Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: R
  196. 2:48:03.1067327 FILE LOCKED WITH
  197. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\imm32.dll ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE
  198. 2:48:03.1067530
  199. PM unpacked.exe3456CreateFileMapping C:\Windows\System32\imm32.dll SUCCESS SyncType: SyncTypeOther
  200. 2:48:03.1068327
  201. PM unpacked.exe3456Load Image C:\Windows\System32\imm32.dll SUCCESS Image Base: 0x76300000, Image Size: 0x1f000
  202. 2:48:03.1068507
  203. PM unpacked.exe3456CloseFile C:\Windows\System32\imm32.dll SUCCESS
  204. 2:48:03.1069789
  205. PM unpacked.exe3456Load Image C:\Windows\System32\msctf.dll SUCCESS Image Base: 0x76370000, Image Size: 0xcc000
  206. 2:48:03.1071816
  207. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument",REPARSE" Desired Access: Read
  208. 2:48:03.1071949
  209. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument NAME NOT FOUND Desired Access: Read
  210.  
  211. 2:48:03.1072048unpacked.exe3456RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize SUCCESS Desired Access: Read
  212. PM
  213. 2:48:03.1072221 HKLM\SOFTWARE\Microsoft\Windows
  214. PM unpacked.exe3456RegQueryValue NT\CurrentVersion\GRE_Initialize\DisableMetaFiles NAME NOT FOUND Length: 20
  215. 2:48:03.1072282
  216. PM unpacked.exe3456RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize SUCCESS
  217. 2:48:03.1072593
  218. PM unpacked.exe3456RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Desired Access: Read
  219. 2:48:03.1072708
  220. PM unpacked.exe3456RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\unpacked NAME NOT FOUND Length: 172
  221. 2:48:03.1072769
  222. PM unpacked.exe3456RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS
  223. 2:48:03.1072825
  224. PM unpacked.exe3456RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility NAME NOT FOUND Desired Access: Read
  225. 2:48:03.1074281
  226. PM unpacked.exe3456RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read
  227. 2:48:03.1074374
  228. PM unpacked.exe3456RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Desired Access: Read
  229. 2:48:03.1074471
  230. PM unpacked.exe3456RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs SUCCESS Type: REG_DWORD, Length: 4, Data: 0
  231. 2:48:03.1074532
  232. PM unpacked.exe3456RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS
  233. 2:48:03.1075229
  234. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Terminal Server REPARSE Desired Access: Read
  235. 2:48:03.1075304
  236. PM unpacked.exe3456RegOpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Desired Access: Read
  237. 2:48:03.1075376
  238. PM unpacked.exe3456RegQueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat NAME NOT FOUND Length: 548
  239. 2:48:03.1075412
  240. PM unpacked.exe3456RegQueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled SUCCESS Type: REG_DWORD, Length: 4, Data: 0
  241. 2:48:03.1075446
  242. PM unpacked.exe3456RegCloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
  243. 2:48:03.1075567
  244. PM unpacked.exe3456RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NAME NOT FOUND Desired Access: Read
  245. 2:48:03.1077572
  246. PM unpacked.exe3456QueryNameInformationFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS Name: \Users\hackbox\Music\unpacked\unpacked.exe
  247. Desired Access:
  248. Synchronize, Disposition:
  249. Open, Options: Directory,
  250. Synchronous IO Non-
  251. Alert, Attributes: n/a,
  252. ShareMode: None,
  253. 2:48:03.1077938 AllocationSize: n/a,
  254. PM unpacked.exe3456CreateFile C:",SUCCESS" OpenResult: Opened
  255.  
  256.  
  257.  
  258.  
  259. 2:48:03.1078316 Name: "
  260. PM unpacked.exe3456QueryNameInformationFile C:",SUCCESS" 2:48:03.1078409 PM" unpacked.exe
  261. 2:48:03.1078475
  262. PM unpacked.exe3456CloseFile C:",SUCCESS"
  263. 2:48:03.1078873
  264. PM unpacked.exe3456RegOpenKey HKCU SUCCESS Desired Access: Maximum Allowed, Granted Access: All A
  265. 2:48:03.1078979
  266. PM unpacked.exe3456RegOpenKey HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SUCCESS Desired Access: Query Value
  267. 2:48:03.1079067
  268. PM unpacked.exe3456RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig NAME NOT FOUND Length: 144
  269. 2:48:03.1079106
  270. PM unpacked.exe3456RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Run SUCCESS
  271. 2:48:03.1080155 Desired Access: Generic Read, Disposition: Open, Options
  272. PM unpacked.exe3456CreateFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS ShareMode: Read, Write, AllocationSize: n/a, OpenResult: O
  273. 2:48:03.1080402
  274. PM unpacked.exe3456QueryStandardInformationFileC:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS AllocationSize: 61,440, EndOfFile: 58,880, NumberOfLinks:
  275. 2:48:03.1080485
  276. PM unpacked.exe3456ReadFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS Offset: 0, Length: 64, Priority: Normal
  277. 2:48:03.1080705
  278. PM unpacked.exe3456ReadFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS Offset: 208, Length: 248, Priority: Normal
  279. 2:48:03.1080794
  280.  
  281. PM
  282. 2:48:03.1080867unpacked.exe3456ReadFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS Offset: 456, Length: 40, Priority: Normal
  283. PM unpacked.exe3456ReadFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS Offset: 496, Length: 40, Priority: Normal
  284. 2:48:03.1081021
  285. PM unpacked.exe3456ReadFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS Offset: 536, Length: 40, Priority: Normal
  286. 2:48:03.1081091
  287. PM unpacked.exe3456ReadFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS Offset: 576, Length: 40, Priority: Normal
  288. 2:48:03.1081378
  289. PM unpacked.exe3456ReadFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS Offset: 0, Length: 58,880, Priority: Normal
  290. 2:48:03.1081594
  291. PM unpacked.exe3456CloseFile C:\Users\hackbox\Music\unpacked\unpacked.exe SUCCESS
  292. 2:48:03.1082840 Desired Access: Generic Write, Read Attributes, Disposition
  293. PM unpacked.exe3456CreateFile C:\Users\hackbox\phkzamed.exe SUCCESS Directory File, Attributes: N, ShareMode: None, AllocationSi
  294. 2:48:03.1085662 Desired Access: Write Attributes, Synchronize, Disposition:
  295. PM unpacked.exe3456CreateFile C:\Users\hackbox\phkzamed.exe SUCCESS Point, Attributes: n/a, ShareMode: Read, Write, Delete, Alloc
  296. 2:48:03.1086371 CreationTime: 1/1/1601 5:30:00 AM, LastAccessTime: 1/1/1
  297. PM unpacked.exe3456SetBasicInformationFile C:\Users\hackbox\phkzamed.exe SUCCESS ChangeTime: 1/1/1601 5:30:00 AM, FileAttributes: HN
  298. 2:48:03.1086656
  299. PM unpacked.exe3456CloseFile C:\Users\hackbox\phkzamed.exe SUCCESS
  300. Desired Access:
  301. Synchronize, Disposition:
  302. Open, Options: Directory,
  303. Synchronous IO Non-
  304. Alert, Open For Free
  305. Space Query, Attributes:
  306. n/a, ShareMode: Read,
  307. 2:48:03.1086951 Write, AllocationSize: n/a,
  308. PM unpacked.exe3456CreateFile C:",SUCCESS" OpenResult: Opened
  309. TotalAllocationUnits:
  310. 5,452,543,
  311. AvailableAllocationUnits:
  312. 3,002,704,
  313. 2:48:03.1087225 SectorsPerAllocationUnit:
  314. PM unpacked.exe3456QuerySizeInformationVolume C:",SUCCESS" 8, BytesPerSector: 512
  315. 2:48:03.1087289
  316. PM unpacked.exe3456CloseFile C:",SUCCESS"
  317. 2:48:03.1087595
  318. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 0, Length: 55,296, Priority: Normal
  319. 2:48:03.1088506
  320. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 55,296, Length: 3,584, Priority: Normal
  321. 2:48:03.1088754
  322. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 58,880, Length: 3,584
  323. 2:48:03.1088861
  324. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 62,464, Length: 3,584, Priority: Normal
  325. 2:48:03.1089058
  326. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 66,048, Length: 3,584
  327. 2:48:03.1089102
  328. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 69,632, Length: 3,584
  329. 2:48:03.1089144
  330. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 73,216, Length: 3,584
  331. 2:48:03.1089193
  332. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 76,800, Length: 3,584
  333. 2:48:03.1089268
  334. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 80,384, Length: 3,584, Priority: Normal
  335. 2:48:03.1089453
  336. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 83,968, Length: 3,584
  337. 2:48:03.1089515
  338. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 87,552, Length: 3,584
  339. 2:48:03.1089562
  340. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 91,136, Length: 3,584
  341. 2:48:03.1089611
  342. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 94,720, Length: 3,584
  343. 2:48:03.1089652
  344. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 98,304, Length: 3,584
  345. 2:48:03.1089709
  346. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 101,888, Length: 3,584
  347. 2:48:03.1089858
  348. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 105,472, Length: 3,584
  349. 2:48:03.1089927
  350. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 109,056, Length: 3,584
  351.  
  352. 2:48:03.1089984unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 112,640, Length: 3,584
  353. PM
  354. 2:48:03.1090034
  355. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 116,224, Length: 3,584
  356. 2:48:03.1090082
  357. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 119,808, Length: 3,584
  358. 2:48:03.1090130
  359. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 123,392, Length: 3,584
  360. 2:48:03.1090169
  361. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 126,976, Length: 3,584
  362. 2:48:03.1090238
  363. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 130,560, Length: 3,584, Priority: Normal
  364. 2:48:03.1090441
  365. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 134,144, Length: 3,584
  366. 2:48:03.1090496
  367. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 137,728, Length: 3,584
  368. 2:48:03.1090552
  369. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 141,312, Length: 3,584
  370. 2:48:03.1090626
  371. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 144,896, Length: 3,584
  372. 2:48:03.1090679
  373. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 148,480, Length: 3,584
  374. 2:48:03.1090725
  375. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 152,064, Length: 3,584
  376. 2:48:03.1090766
  377. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 155,648, Length: 3,584
  378. 2:48:03.1090808
  379. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 159,232, Length: 3,584
  380. 2:48:03.1090855
  381. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 162,816, Length: 3,584
  382. 2:48:03.1090924
  383. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 166,400, Length: 3,584
  384. 2:48:03.1090977
  385. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 169,984, Length: 3,584
  386. 2:48:03.1091025
  387. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 173,568, Length: 3,584
  388. 2:48:03.1091071
  389. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 177,152, Length: 3,584
  390. 2:48:03.1091116
  391. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 180,736, Length: 3,584
  392. 2:48:03.1091154
  393. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 184,320, Length: 3,584
  394. 2:48:03.1091195
  395. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 187,904, Length: 3,584
  396. 2:48:03.1091244
  397. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 191,488, Length: 3,584
  398. 2:48:03.1091353
  399. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 195,072, Length: 3,584, Priority: Normal
  400. 2:48:03.1091562
  401. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 198,656, Length: 3,584
  402. 2:48:03.1091614
  403. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 202,240, Length: 3,584
  404. 2:48:03.1091663
  405. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 205,824, Length: 3,584
  406. 2:48:03.1091709
  407. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 209,408, Length: 3,584
  408. 2:48:03.1091748
  409. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 212,992, Length: 3,584
  410. 2:48:03.1091791
  411. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 216,576, Length: 3,584
  412. 2:48:03.1091839
  413. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 220,160, Length: 3,584
  414. 2:48:03.1091902
  415. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 223,744, Length: 3,584
  416.  
  417. 2:48:03.1169408unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,442,176, Length: 3,584
  418. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,445,760, Length: 3,584
  419. 2:48:03.1169453
  420. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,449,344, Length: 3,584
  421. 2:48:03.1169494
  422. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,452,928, Length: 3,584
  423. 2:48:03.1169537
  424. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,456,512, Length: 3,584
  425. 2:48:03.1169586
  426. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,460,096, Length: 3,584
  427. 2:48:03.1169633
  428. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,463,680, Length: 3,584
  429. 2:48:03.1169680
  430. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,467,264, Length: 3,584
  431. 2:48:03.1169758
  432. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,470,848, Length: 3,584, Priority: Normal
  433. 2:48:03.1170086
  434. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,474,432, Length: 3,584
  435. 2:48:03.1170135
  436. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,478,016, Length: 3,584
  437. 2:48:03.1170174
  438. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,481,600, Length: 3,584
  439. 2:48:03.1170232
  440. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,485,184, Length: 3,584
  441. 2:48:03.1170301
  442. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,488,768, Length: 3,584
  443. 2:48:03.1170446
  444. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,492,352, Length: 3,584
  445. 2:48:03.1170502
  446. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,495,936, Length: 3,584
  447. 2:48:03.1170874
  448. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,499,520, Length: 3,584
  449. 2:48:03.1170931
  450. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,503,104, Length: 3,584
  451. 2:48:03.1170981
  452. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,506,688, Length: 3,584
  453. 2:48:03.1171023
  454. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,510,272, Length: 3,584
  455. 2:48:03.1171066
  456. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,513,856, Length: 3,584
  457. 2:48:03.1171111
  458. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,517,440, Length: 3,584
  459. 2:48:03.1171157
  460. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,521,024, Length: 3,584
  461. 2:48:03.1171219
  462. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,524,608, Length: 3,584
  463. 2:48:03.1171266
  464. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,528,192, Length: 3,584
  465. 2:48:03.1171311
  466. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,531,776, Length: 3,584
  467. 2:48:03.1171365
  468. PM unpacked.exe3456WriteFile C:\Users\hackbox\phkzamed.exe SUCCESS Offset: 3,535,360, Length: 3,584
  469. 2:48:03.1171435