
String Hacker Process2

Uploaded by

Nguyễn Quân

Process Hacker 2.39.124
Windows NT 10.0 (64-bit)
11/11/2024 7:48:06 AM

0xa1ec1e3c08 (16): IUIAutomationWWW
0xa1ec1e3c24 (20): IUIAutomationElement
0xa1ec1e3c58 (12): GetRuntimeId
0xa1ec1e3c70 (12): runtimeIdWWW
0xa1ec1e3ca0 (20): TreeScope_ElementWWW
0xa1ec1e3cc0 (20): TreeScope_ChildrenWW
0xa1ec1e3ce0 (24): TreeScope_DescendantsWWW
0xa1ec1e3d01 (19): 01
TreeScope_Parent
0xa1ec1e3d20 (20): TreeScope_AncestorsW
0xa1ec1e3d40 (20): TreeScope_SubtreeWWW
0xa1ec1e3d60 (24): IUIAutomationConditionWW
0xa1ec1e3d82 (14): M=FindFirstWWW
0xa1ec1e3db0 (12): conditionWWW
0xa1ec1e3ddc (28): IUIAutomationElementArrayWWW
0xa1ec1e3e18 (12): GetElementWW
0xa1ec1e3e56 (10): B;FindAllW
0xa1ec1e3e69 (31): 8M?IUIAutomationCacheRequestWWW
0xa1ec1e3e94 (12): AddPropertyW
0xa1ec1e3eab (13): PpropertyIdWW
0xa1ec1e3ec2 (14): n.AddPatternWW
0xa1ec1e3edc (12): patternIdWWW
0xa1ec1e3f08 (16): clonedRequestWWW
0xa1ec1e3f23 (13): LTreeFilterWW
0xa1ec1e3f50 (24): AutomationElementModeWWW
0xa1ec1e3f74 (28): AutomationElementMode_NoneWW
0xa1ec1e3f99 (31): 0SwAutomationElementMode_FullWW
0xa1ec1e3fd3 (21): *FindFirstBuildCacheW
0xa1ec1e3ff4 (12): cacheRequest
0xa1ec1e400c (20): FindAllBuildCacheWWW
0xa1ec1e402c (20): BuildUpdatedCacheWWW
0xa1ec1e404a (18): /oupdatedElementWW
0xa1ec1e4068 (24): GetCurrentPropertyValueW
0xa1ec1e40a0 (28): GetCurrentPropertyValueExWWW
0xa1ec1e40c6 (22): m]ignoreDefaultValueWW
0xa1ec1e40e8 (24): GetCachedPropertyValueWW
0xa1ec1e410b (25): YGetCachedPropertyValueEx
0xa1ec1e4130 (20): GetCurrentPatternAsW
0xa1ec1e4160 (16): patternObjectWWW
0xa1ec1e417c (20): GetCachedPatternAsWW
0xa1ec1e419c (20): GetCurrentPatternWWW
0xa1ec1e41bc (16): GetCachedPattern
0xa1ec1e41d8 (16): GetCachedParentW
0xa1ec1e4210 (12): dChildrenWWW
0xa1ec1e423c (16): CurrentProcessId
0xa1ec1e4258 (20): CurrentControlTypeWW
0xa1ec1e4278 (28): CurrentLocalizedControlTypeW
0xa1ec1e42a0 (12): CurrentNameW
0xa1ec1e42b7 (25): WCurrentAcceleratorKeyWWW
0xa1ec1e42dc (16): CurrentAccessKey
0xa1ec1e42f7 (25): UCurrentHasKeyboardFocusW
0xa1ec1e431c (28): CurrentIsKeyboardFocusableWW
0xa1ec1e4344 (16): CurrentIsEnabled
0xa1ec1e4360 (20): CurrentAutomationIdW
0xa1ec1e437f (17): <CurrentClassName
0xa1ec1e439c (16): CurrentHelpTextW
0xa1ec1e43b7 (17): CCurrentCultureWW
0xa1ec1e43d2 (26): v3CurrentIsControlElementW
0xa1ec1e43f8 (24): CurrentIsContentElementW
0xa1ec1e441c (20): CurrentIsPasswordWWW
0xa1ec1e443a (30): CHCurrentNativeWindowHandleWWW
0xa1ec1e4464 (16): CurrentItemTypeW
0xa1ec1e4480 (20): CurrentIsOffscreenWW
0xa1ec1e44a0 (16): OrientationTypeW
0xa1ec1e44bc (12): OrientationT
0xa1ec1e44dc (28): OrientationType_HorizontalWW
0xa1ec1e4504 (24): OrientationType_Vertical
0xa1ec1e4527 (21): jCurrentOrientationWW
0xa1ec1e4548 (20): CurrentFrameworkIdWW
0xa1ec1e4567 (25): gCurrentIsRequiredForForm
0xa1ec1e458b (21): ?CurrentItemStatusWWW
0xa1ec1e45f2 (10): H{bottomWW
0xa1ec1e4607 (25): ?CurrentBoundingRectangle
0xa1ec1e462b (17): )CurrentLabeledBy
0xa1ec1e4648 (16): CurrentAriaRoleW
0xa1ec1e4664 (24): CurrentAriaPropertiesWWW
0xa1ec1e4687 (29): &CurrentIsDataValidForFormWWW
0xa1ec1e46ae (22): FQCurrentControllerFor
0xa1ec1e46cf (21): WCurrentDescribedByWW
0xa1ec1e46ee (18): -eCurrentFlowsToWW
0xa1ec1e470b (29): =CurrentProviderDescriptionWW
0xa1ec1e4734 (16): CachedProcessIdW
0xa1ec1e4750 (20): CachedControlTypeWWW
0xa1ec1e4770 (24): CachedLocalizedControlTy
0xa1ec1e4d20 (28): ElementFromHandleBuildCacheW
0xa1ec1e4d46 (30): ohElementFromPointBuildCacheWW
0xa1ec1e4d70 (28): GetFocusedElementBuildCacheW
0xa1ec1e4d95 (27): 89qIUIAutomationTreeWalkerW
0xa1ec1e4dbb (17): .GetParentElement
0xa1ec1e4dd7 (21): ;GetFirstChildElement
0xa1ec1e4e0c (20): GetLastChildElementW
0xa1ec1e4e3c (24): GetNextSiblingElementWWW
0xa1ec1e4e70 (28): GetPreviousSiblingElementWWW
0xa1ec1e4e96 (10): :bprevious
0xa1ec1e4eac (16): NormalizeElement
0xa1ec1e4ec8 (12): normalizedWW
0xa1ec1e4ede (30): )XGetParentElementBuildCacheWW
0xa1ec1e4f08 (32): GetFirstChildElementBuildCacheWW
0xa1ec1e4f34 (32): GetLastChildElementBuildCacheWWW
0xa1ec1e4f60 (32): GetNextSiblingElementBuildCacheW
0xa1ec1e4f8c (36): GetPreviousSiblingElementBuildCacheW
0xa1ec1e4fbc (14): NormalizeEle1`
0xa1ec1e4fe4 (16): CreateTreeWalker
0xa1ec1e4ffe (14): IapConditionWW
0xa1ec1e502c (20): ControlViewWalkerWWW
0xa1ec1e504b (21): xContentViewWalkerWWW
0xa1ec1e506a (18): '%RawViewWalkerWWW
0xa1ec1e5088 (16): RawViewCondition
0xa1ec1e50a4 (20): ControlViewCondition
0xa1ec1e50c2 (22): T^ContentViewCondition
0xa1ec1e50e3 (21): TCreateCacheRequestWW
0xa1ec1e5104 (20): CreateTrueConditionW
0xa1ec1e5122 (14): #UnewCondition
0xa1ec1e513b (21): JCreateFalseCondition
0xa1ec1e515c (24): CreatePropertyConditionW
0xa1ec1e5194 (24): PropertyConditionFlagsWW
0xa1ec1e51b7 (29): bPropertyConditionFlags_NoneW
0xa1ec1e51e0 (36): PropertyConditionFlags_IgnoreCaseWWW
0xa1ec1e5210 (28): CreatePropertyConditionExWWW
0xa1ec1e524a (22): }dCreateAndConditionWW
0xa1ec1e526c (12): condition1WW
0xa1ec1e529c (28): CreateAndConditionFromArrayW
0xa1ec1e52c4 (12): conditionsWW
0xa1ec1e52dc (36): CreateAndConditionFromNativeArrayWWW
0xa1ec1e530b (17): 5conditionCountWW
0xa1ec1e5328 (20): CreateOrConditionWWW
0xa1ec1e5348 (28): CreateOrConditionFromArrayWW
0xa1ec1e5370 (32): CreateOrConditionFromNativeArray
0xa1ec1e539c (20): CreateNotConditionWW
0xa1ec1e53bc (28): IUIAutomationEventHandlerWWW
0xa1ec1e53e2 (26): 'QHandleAutomationEventWWW
0xa1ec1e5430 (28): AddAutomationEventHandlerWWW
0xa1ec1e5456 (10): ?handlerW
0xa1ec1e546c (28): RemoveAutomationEventHandler
0xa1ec1e5493 (41): TIUIAutomationPropertyChangedEventHandler
0xa1ec1e54c8 (28): HandlePropertyChangedEventWW
0xa1ec1e5502 (46): TnAddPropertyChangedEventHandlerNativeArrayWWW
0xa1ec1e553c (12): propertyArra
0xa1ec1e5557 (17): jpropertyCountWWW
0xa1ec1e5574 (32): AddPropertyChangedEventHandlerWW
0xa1ec1e55a0 (36): RemovePropertyChangedEventHandlerWWW
0xa1ec1e55d0 (44): IUIAutomationStructureChangedEventHandlerWWW
0xa1ec1e5608 (20): StructureChangeTypeW
0xa1ec1e5627 (33): `StructureChangeType_ChildAddedWW
0xa1ec1e5654 (32): StructureChangeType_ChildRemoved
0xa1ec1e5680 (40): StructureChangeType_ChildrenInvalidatedW
0xa1ec1e56b4 (40): StructureChangeType_ChildrenBulkAddedWWW
0xa1ec1e56e4 (44): '0CtStructureChangeType_ChildrenBulkRemovedW
0xa1ec1e571c (40): StructureChangeType_ChildrenReorderedWWW
0xa1ec1e574f (29): PHandleStructureChangedEventW
0xa1ec1e5777 (13): ichangeTypeWW
0xa1ec1e578e (34): 4_AddStructureChangedEventHandlerW
0xa1ec1e57bb (37): nRemoveStructureChangedEventHandlerWW
0xa1ec1e57ec (40): IUIAutomationFocusChangedEventHandlerWWW
0xa1ec1e581e (26): /SHandleFocusChangedEventW
0xa1ec1e5843 (29): aAddFocusChangedEventHandlerW
0xa1ec1e586c (32): RemoveFocusChangedEventHandlerWW
0xa1ec1e5898 (24): RemoveAllEventHandlersWW
0xa1ec1e58bc (28): IntNativeArrayToSafeArrayWWW
0xa1ec1e58f7 (13): arrayCountWW
0xa1ec1e5910 (12): safeArrayWWW
0xa1ec1e5928 (28): IntSafeArrayToNativeArrayWWW
0xa1ec1e5964 (16): RectToVariantWWW
0xa1ec1e6988 (17): qqqqqqqqqqqqqqqqx
0xa1ec1e6bd4 (12): activePIDWWW
0xa1ec1e6ea0 (86): -+ncalrpc:[OLEDDBF4473638163077DCFC8C9CF20]
0xa1ec1e6f14 (40): DESKTOP-SH8VOCG\quan
0xa1ec1e863c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e86bc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e86fc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e877c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e87b0 (46): Correction Widget Class
0xa1ec1e87fc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e887c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e88bc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e893c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e89bc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8a3c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8a7c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8abc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8afc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8b7c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8c3c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8c7c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8cbc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8cfc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8d3c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8d7c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8dbc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8df8 (24): comboboxex32
0xa1ec1e8ebc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8efc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8f3c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8f7c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8fbc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e8ffc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e903c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e907c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e90bc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e90fc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e913c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e917c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e91bc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e91fc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e923c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e927c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e92fc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e933c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e937c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e93b8 (28): Local\1Default
0xa1ec1e93fc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e947c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e94bc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e94fc (40): DESKTOP-SH8VOCG\quan
0xa1ec1e953c (40): DESKTOP-SH8VOCG\quan
0xa1ec1e9578 (24): ComboBoxEx32
0xa1ec1e9cd0 (24): taskkill.exe
0xa1ec1ea898 (17): qqqqqqqqqqqqqqqq
0xa1ec1ebc9e (14): #LFontChangedW
0xa1ec1ebcb8 (12): PropertyName
0xa1ec1ec2a0 (64): Press any key to continue . . .
0xa1ec1eeb90 (992): ---------Starting Analysis-----------------Starting Windump...Starting Procmon...Starting PSR...Sleeping 5 seconds...Capturing Data...Execute test plan and close when done executing processes.Press any key to continue . . .Killing windumpSUCCESS: The process "WinDump.exe" with PID 5536 has been terminated.Sleeping 10 seconds...Terminating CaptureSleeping 5 seconds...Sleeping 5 seconds...Saving as .csvLogs Saved - C:\Users\quan\Downloads\logs\2024-11-11_06-05-51Press any key to continue . . .
0xa1ec200324 (192): ! "!#"$#%$&%'&(')(*)+*,+-,.-/.0/102132435465768798:9;:<;=<>=?>@?A@EAIBMCQDUEYF]GaHeIiJmKqLuMyN}O
0xa1ec3f1348 (35): \??\C:\Windows\system32\conhost.exe
0xa1ec3f15c8 (14): \Program Files
0xa1ec3f15d7 (40): ProgramFiles(x86)=C:\Program Files (x86)
0xa1ec3f1600 (29): ProgramW6432=C:\Program Files
0xa1ec3f161e (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0xa1ec3f165f (22): PUBLIC=C:\Users\Public
0xa1ec3f1676 (14): SystemDrive=C:
0xa1ec3f1685 (21): SystemRoot=C:\Windows
0xa1ec3f169b (13): TEMP=C:\Users
0xa1ec3f16d0 (21): an\AppData\Local\Temp
0xa1ec3f16e6 (26): USERDOMAIN=DESKTOP-SH8VOCG
0xa1ec3f1701 (16): USERDOMAIN_ROAM<
0xa1ec3f171c (12): ESKTOP-SH8VO
0xa1ec3f17ee (26):
0xa1ec3f186c (24):
0xa1ec3f18ce (26): abcdefghijklmnopqrstuvwxyz
0xa1ec3f18ee (26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
0xa1ec3f1ad0 (30): ALLUSERSPROFILE=C:\ProgramData
0xa1ec3f1aef (37): APPDATA=C:\Users\quan\AppData\Roaming
0xa1ec3f1b15 (34): BuildLab=10240.th1_st1.170427-1347
0xa1ec3f1b38 (51): BuildLabEx=10240.17394.amd64fre.th1_st1.170427-1347
0xa1ec3f1b6c (48): CommonProgramFiles=C:\Program Files\Common Files
0xa1ec3f1b9d (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0xa1ec3f1bd9 (48): CommonProgramW6432=C:\Program Files\Common Files
0xa1ec3f1c0a (28): COMPUTERNAME=DESKTOP-SH8VOCG
0xa1ec3f1c27 (35): ComSpec=C:\Windows\system32\cmd.exe
0xa1ec3f1c4b (12): HOMEDRIVE=C:
0xa1ec3f1c58 (20): HOMEPATH=\Users\quan
0xa1ec3f1c6d (40): LOCALAPPDATA=C:\Users\quan\AppData\Local
0xa1ec3f1c96 (29): LOGONSERVER=\\DESKTOP-SH8VOCG
0xa1ec3f1cb4 (22): NUMBER_OF_PROCESSORS=2
0xa1ec3f1ccb (31): OneDrive=C:\Users\quan\OneDrive
0xa1ec3f1ceb (13): OS=Windows_NT
0xa1ec3f1cf9 (134): Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Graphviz\bin
0xa1ec3f1d80 (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0xa1ec3f1dbe (28): PROCESSOR_ARCHITECTURE=AMD64
0xa1ec3f1ddb (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 140 Stepping 1, GenuineIntel
0xa1ec3f1e24 (17): PROCESSOR_LEVEL=6
0xa1ec3f1e36 (23): PROCESSOR_REVISION=8c01
0xa1ec3f1e4e (26): ProgramData=C:\ProgramData
0xa1ec3f1e69 (29): ProgramFiles=C:\Program Files
0xa1ec3f1e87 (40): ProgramFiles(x86)=C:\Program Files (x86)
0xa1ec3f1eb0 (29): ProgramW6432=C:\Program Files
0xa1ec3f1ece (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0xa1ec3f1f0f (22): PUBLIC=C:\Users\Public
0xa1ec3f1f26 (14): SystemDrive=C:
0xa1ec3f1f35 (21): SystemRoot=C:\Windows
0xa1ec3f1f4b (37): TEMP=C:\Users\quan\AppData\Local\Temp
0xa1ec3f1f71 (36): TMP=C:\Users\quan\AppData\Local\Temp
0xa1ec3f1f96 (26): USERDOMAIN=DESKTOP-SH8VOCG
0xa1ec3f1fb1 (41): USERDOMAIN_ROAMINGPROFILE=DESKTOP-SH8VOCG
0xa1ec3f1fdb (13): USERNAME=quan
0xa1ec3f1fe9 (25): USERPROFILE=C:\Users\quan
0xa1ec3f2003 (17): windir=C:\Windows
0xa1ec3f6792 (28): StringFileInfo
0xa1ec3f67ce (22): CompanyName
0xa1ec3f67e8 (42): Microsoft Corporation
0xa1ec3f681a (30): FileDescription
0xa1ec3f686a (22): FileVersion
0xa1ec3f6884 (68): 10.0.10240.16384 (th1.150709-1700)
0xa1ec3f68d2 (24): InternalName
0xa1ec3f6902 (28): LegalCopyright
0xa1ec3f6922 (38): Microsoft Corporat
0xa1ec3f6982 (32): OriginalFilename
0xa1ec3f69a4 (22): CONHOST.EXE
0xa1ec3f69c2 (22): ProductName
0xa1ec3f6a02 (34): Operating System
0xa1ec3f6a2e (28): ProductVersion
0xa1ec3f6a76 (22): VarFileInfo
0xa1ec3f6a96 (22): Translation
0xa1ed9dd140 (20): C:\Windows
0xa1ed9dd3d0 (74): C:\Windows\system32\en-US\cmd.exe.mui
0xa1ed9de376 (32): system32\cmd.exe
0xa1ed9de878 (30): ystem32\cmd.exe
0xa1ed9df0f2 (44): *ping -n 5 localhost
0xa1ed9df9e0 (122): Press any key to continue . . . oads\logs\2024-11-11_06-05-51
0xa1ed9dfea0 (64): Press any key to continue . . .
0xa1eda20324 (192): ! "!#"$#%$&%'&(')(*)+*,+-,.-/.0/102132435465768798:9;:<;=<>=?>@?A@EAIBMCQDUEYF]GaHeIiJmKqLuMyN}O
0xa1edf54040 (2160240): -----------------
Starting Analysis
-----------------
Starting Windump...
Starting Procmon...
Starting PSR...
Sleeping 5 seconds...
Capturing Data...
Execute test plan and close when done executing processes.
Press any key to continue . . .
Killing windump
SUCCESS: The process "WinDump.exe" with PID 5536 has been terminated.
Sleeping 10 seconds...
Terminating Capture
Sleeping 5 seconds...
Sleeping 5 seconds...
Saving as .csv
Logs Saved - C:\Users\quan\Downloads\logs\2024-11-11_06-05-51
Press any key to continue . . .
