| flw | process | pid | timeStamp | mod | * |
|---|
 | \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Users\uii\Desktop\rat.exe | |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\SysWOW64\ntdll.dll | 0x77510000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\kernel32.dll | 0x76A10000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\KERNELBASE.dll | 0x75470000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\USER32.dll | 0x76BA0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\GDI32.dll | 0x76B10000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\LPK.dll | 0x774E0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\USP10.dll | 0x75800000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\msvcrt.dll | 0x755B0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\ADVAPI32.dll | 0x751B0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\SysWOW64\sechost.dll | 0x75450000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\RPCRT4.dll | 0x758F0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\SspiCli.dll | 0x75080000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\CRYPTBASE.dll | 0x75070000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\SHELL32.dll | 0x75B00000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\SHLWAPI.dll | 0x75A90000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\ole32.dll | 0x76F50000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\OLEAUT32.dll | 0x75250000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\WS2_32.dll | 0x752E0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\NSI.dll | 0x76DF0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\system32\AVIFIL32.dll | 0x711B0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\system32\WINMM.dll | 0x71170000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\system32\MSACM32.dll | 0x711D0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\system32\MSVFW32.dll | 0x6FD90000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\COMCTL32.dll | 0x754C0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\system32\AVICAP32.dll | 0x6FDD0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\system32\VERSION.dll | 0x73510000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\system32\pdh.dll | 0x6FD50000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll | 0x6FBC0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\IMM32.dll | 0x770B0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\MSCTF.dll | 0x750E0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\system32\uxtheme.dll | 0x74D00000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll | 0x749A0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\SETUPAPI.dll | 0x75660000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\CFGMGR32.dll | 0x767E0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-26 | C:\Windows\syswow64\DEVOBJ.dll | 0x75430000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\PROPSYS.dll | 0x72D00000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\profapi.dll | 0x74CB0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\syswow64\CLBCatQ.DLL | 0x76750000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\apphelp.dll | 0x74DC0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll | 0x6F840000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\CRYPTSP.dll | 0x73B80000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\rsaenh.dll | 0x72E90000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\RpcRtRemote.dll | 0x748B0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\wsock32.dll | 0x6F830000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\mswsock.dll | 0x73630000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\System32\wshtcpip.dll | 0x73600000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\NLAapi.dll | 0x748E0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\DNSAPI.dll | 0x74C30000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\System32\winrnr.dll | 0x748C0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\napinsp.dll | 0x73B70000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\pnrpnsp.dll | 0x73610000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\wshbth.dll | 0x73B60000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\IPHLPAPI.DLL | 0x74980000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\WINNSI.DLL | 0x74970000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\System32\fwpuclnt.dll | 0x735B0000 |
| \Device\HarddiskVolume1\Users\uii\Desktop\rat.exe | 1796 | 12-09-2017-08-35-27 | C:\Windows\system32\rasadhlp.dll | 0x748D0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\SysWOW64\cmd.exe | |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\SysWOW64\ntdll.dll | 0x77510000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\kernel32.dll | 0x76A10000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\KERNELBASE.dll | 0x75470000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\msvcrt.dll | 0x755B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\system32\WINBRAND.dll | 0x711D0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\USER32.dll | 0x76BA0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\GDI32.dll | 0x76B10000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\LPK.dll | 0x774E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\USP10.dll | 0x75800000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\ADVAPI32.dll | 0x751B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\SysWOW64\sechost.dll | 0x75450000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\RPCRT4.dll | 0x758F0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\SspiCli.dll | 0x75080000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\CRYPTBASE.dll | 0x75070000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\system32\IMM32.DLL | 0x770B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\syswow64\MSCTF.dll | 0x750E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\cmd.exe | 824 | 12-09-2017-08-35-46 | C:\Windows\system32\apphelp.dll | 0x74DC0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\SysWOW64\PING.EXE | |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\SysWOW64\ntdll.dll | 0x77510000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\kernel32.dll | 0x76A10000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\KERNELBASE.dll | 0x75470000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\ADVAPI32.dll | 0x751B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\msvcrt.dll | 0x755B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\SysWOW64\sechost.dll | 0x75450000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\RPCRT4.dll | 0x758F0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\SspiCli.dll | 0x75080000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\CRYPTBASE.dll | 0x75070000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\system32\IPHLPAPI.DLL | 0x74980000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\NSI.dll | 0x76DF0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\system32\WINNSI.DLL | 0x74970000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\USER32.dll | 0x76BA0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\GDI32.dll | 0x76B10000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\LPK.dll | 0x774E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\USP10.dll | 0x75800000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\WS2_32.dll | 0x752E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\system32\IMM32.DLL | 0x770B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\syswow64\MSCTF.dll | 0x750E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\system32\mswsock.dll | 0x73630000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 860 | 12-09-2017-08-35-46 | C:\Windows\System32\wshtcpip.dll | 0x73600000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\SysWOW64\PING.EXE | |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\SysWOW64\ntdll.dll | 0x77510000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\kernel32.dll | 0x76A10000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\KERNELBASE.dll | 0x75470000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\ADVAPI32.dll | 0x751B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\msvcrt.dll | 0x755B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\SysWOW64\sechost.dll | 0x75450000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\RPCRT4.dll | 0x758F0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\SspiCli.dll | 0x75080000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\CRYPTBASE.dll | 0x75070000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\system32\IPHLPAPI.DLL | 0x74980000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\NSI.dll | 0x76DF0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\system32\WINNSI.DLL | 0x74970000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\USER32.dll | 0x76BA0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\GDI32.dll | 0x76B10000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\LPK.dll | 0x774E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\USP10.dll | 0x75800000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\WS2_32.dll | 0x752E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\system32\IMM32.DLL | 0x770B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\syswow64\MSCTF.dll | 0x750E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\system32\mswsock.dll | 0x73630000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\PING.EXE | 2588 | 12-09-2017-08-35-50 | C:\Windows\System32\wshtcpip.dll | 0x73600000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\netsh.exe | |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\ntdll.dll | 0x77510000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\kernel32.dll | 0x76A10000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\KERNELBASE.dll | 0x75470000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\ADVAPI32.dll | 0x751B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\msvcrt.dll | 0x755B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\sechost.dll | 0x75450000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\RPCRT4.dll | 0x758F0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\SspiCli.dll | 0x75080000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\CRYPTBASE.dll | 0x75070000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\system32\credui.dll | 0x71460000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\USER32.dll | 0x76BA0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\GDI32.dll | 0x76B10000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\LPK.dll | 0x774E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\USP10.dll | 0x75800000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\system32\MPR.dll | 0x714A0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\ole32.dll | 0x76F50000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\OLEAUT32.dll | 0x75250000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\system32\IMM32.DLL | 0x770B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\MSCTF.dll | 0x750E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll | 0x749A0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\SHLWAPI.dll | 0x75A90000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\RASMONTR.DLL | 0x711A0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\MPRAPI.dll | 0x71170000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\RASAPI32.dll | 0x74910000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\rasman.dll | 0x74CC0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\WS2_32.dll | 0x752E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\NSI.dll | 0x76DF0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\fwpuclnt.dll | 0x735B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\MFC42u.dll | 0x6F4B0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\ODBC32.dll | 0x6F220000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\IPHLPAPI.DLL | 0x74980000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\WINNSI.DLL | 0x74970000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\odbcint.dll | 0x6FD80000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\NSHWFP.DLL | 0x6F170000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\CRYPT32.dll | 0x76E00000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\syswow64\MSASN1.dll | 0x75420000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\slc.dll | 0x6FDC0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\DHCPCMONITOR.DLL | 0x711E0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\dhcpcsvc.DLL | 0x73530000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\dhcpcsvc6.DLL | 0x73520000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\DhcpQEC.dll | 0x6FDD0000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\QUtil.dll | 0x6FD60000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\wevtapi.dll | 0x6F120000 |
| \Device\HarddiskVolume1\Windows\SysWOW64\netsh.exe | 1408 | 12-09-2017-08-35-58 | C:\Windows\SysWOW64\WSHELPER.DLL | 0x6FD50000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Users\uii\AppData\Roaming\core64\client32.exe | |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\SysWOW64\ntdll.dll | 0x77510000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\kernel32.dll | 0x76A10000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\KERNELBASE.dll | 0x75470000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Users\uii\AppData\Roaming\core64\PCICL32.dll | 0x11000000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Users\uii\AppData\Roaming\core64\SHFOLDER.dll | 0x71300000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\ADVAPI32.dll | 0x751B0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\msvcrt.dll | 0x755B0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\SysWOW64\sechost.dll | 0x75450000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\RPCRT4.dll | 0x758F0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\SspiCli.dll | 0x75080000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\CRYPTBASE.dll | 0x75070000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Users\uii\AppData\Roaming\core64\Pcichek.dll | 0x10180000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\USER32.dll | 0x76BA0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\GDI32.dll | 0x76B10000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\LPK.dll | 0x774E0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\USP10.dll | 0x75800000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Users\uii\AppData\Roaming\core64\PCICAPI.dll | 0x10700000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\MPR.dll | 0x714A0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\WINSPOOL.DRV | 0x719D0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\comdlg32.dll | 0x759E0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\SHLWAPI.dll | 0x75A90000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\COMCTL32.dll | 0x749A0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\SHELL32.dll | 0x75B00000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\ole32.dll | 0x76F50000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\OLEAUT32.dll | 0x75250000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\VERSION.dll | 0x73510000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\WINMM.dll | 0x6F590000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\WSOCK32.dll | 0x6FDA0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\WS2_32.dll | 0x752E0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\NSI.dll | 0x76DF0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\WININET.dll | 0x75320000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\Normaliz.dll | 0x75AF0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\urlmon.dll | 0x76CB0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\CRYPT32.dll | 0x76E00000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\MSASN1.dll | 0x75420000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\iertutil.dll | 0x76810000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\IMM32.DLL | 0x770B0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\MSCTF.dll | 0x750E0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\Wtsapi32.dll | 0x71160000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Users\uii\AppData\Roaming\core64\CryptPak.dll | 0x10800000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Users\uii\AppData\Roaming\core64\HTCTL32.DLL | 0x101B0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\uxtheme.dll | 0x74D00000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Users\uii\AppData\Roaming\core64\pcihooks.DLL | 0x003D0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\WINSTA.dll | 0x6FD60000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\dwmapi.dll | 0x74CE0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\syswow64\CLBCatQ.DLL | 0x76750000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\USERENV.dll | 0x727D0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\profapi.dll | 0x74CB0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\DBGHELP.DLL | 0x03C90000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\riched32.dll | 0x6F830000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\RICHED20.dll | 0x6F210000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\NLAapi.dll | 0x748E0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\System32\mswsock.dll | 0x73630000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\DNSAPI.dll | 0x74C30000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\System32\winrnr.dll | 0x748C0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\napinsp.dll | 0x73B70000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\pnrpnsp.dll | 0x73610000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\wshbth.dll | 0x73B60000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\IPHLPAPI.DLL | 0x74980000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\WINNSI.DLL | 0x74970000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\System32\fwpuclnt.dll | 0x735B0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\system32\rasadhlp.dll | 0x748D0000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-35-59 | C:\Windows\System32\wshtcpip.dll | 0x73600000 |
| \Device\HarddiskVolume1\Users\uii\AppData\Roaming\core64\client32.exe | 2240 | 12-09-2017-08-36-04 | C:\Windows\system32\dhcpcsvc.DLL | 0x73530000 |
