634ad02fba5314a9c69334923a448c452550e08427ca7edb11d2d984eb66c115 (SHA256)
urkotu.exe
Windows Exe (x86-32)
Created at 2019-01-08 09:24:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: urkotu.exe
1709
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\urkotu.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:06, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:04, Reason: Self Terminated |
| Monitor Duration | 00:00:58 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x858 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
700
0x
4F4
0x
A14
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000c70000 | 0x00c70000 | 0x00c8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c70000 | 0x00c70000 | 0x00c7ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c83fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ca0000 | 0x00ca0000 | 0x00cb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cfffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d00000 | 0x00d00000 | 0x00d03fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000d10000 | 0x00d10000 | 0x00d11fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d21fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d3ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00d40000 | 0x00dfdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ea0000 | 0x00ea0000 | 0x00ea1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000eb0000 | 0x00eb0000 | 0x00eb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec3fff | Private Memory | rw |
|
|
|
- |
| urkotu.exe | 0x00ed0000 | 0x01024fff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000001030000 | 0x01030000 | 0x0142ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001430000 | 0x01430000 | 0x015b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000015c0000 | 0x015c0000 | 0x019bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000019c0000 | 0x019c0000 | 0x01dbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x021bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000021c0000 | 0x021c0000 | 0x02340fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002350000 | 0x02350000 | 0x02353fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002360000 | 0x02360000 | 0x0236ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002370000 | 0x02370000 | 0x0376ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000003770000 | 0x03770000 | 0x03770fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000037a0000 | 0x037a0000 | 0x037affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000037b0000 | 0x037b0000 | 0x0382ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003830000 | 0x03830000 | 0x0390dfff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000003830000 | 0x03830000 | 0x038e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000003910000 | 0x03910000 | 0x03a0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003a10000 | 0x03a10000 | 0x03c0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003c10000 | 0x03c10000 | 0x0400ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x04010000 | 0x04346fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004350000 | 0x04350000 | 0x04b4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004b50000 | 0x04b50000 | 0x04c1bfff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004b50000 | 0x04b50000 | 0x04b84fff | Private Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74620000 | 0x7464efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x74650000 | 0x7466afff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x74670000 | 0x74682fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x74690000 | 0x746b0fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x746c0000 | 0x746c7fff | Memory Mapped File | rwx |
|
|
|
- |
| winmmbase.dll | 0x746d0000 | 0x746f2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x74700000 | 0x74718fff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x74720000 | 0x7474ffff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x74750000 | 0x74766fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x74770000 | 0x74993fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x749a0000 | 0x74ba8fff | Memory Mapped File | rwx |
|
|
|
- |
| winmm.dll | 0x74bb0000 | 0x74bd3fff | Memory Mapped File | rwx |
|
|
|
- |
| wsock32.dll | 0x74be0000 | 0x74be7fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x74bf0000 | 0x74bf7fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x75160000 | 0x7521dfff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x75220000 | 0x75255fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x753b0000 | 0x753f3fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75430000 | 0x767eefff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x76810000 | 0x7681efff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x768b0000 | 0x76999fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x769b0000 | 0x76a0bfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76a10000 | 0x76a8afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76c90000 | 0x76d21fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x77290000 | 0x772d3fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77340000 | 0x773ccfff | Memory Mapped File | rwx |
|
|
|
- |
| psapi.dll | 0x773d0000 | 0x773d5fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x773e0000 | 0x773e6fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x773f0000 | 0x778ccfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x77c30000 | 0x77c3bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00000000fee70000 | 0xfee70000 | 0xfef6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000fef70000 | 0xfef70000 | 0xfef92fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000fef93000 | 0xfef93000 | 0xfef95fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fef96000 | 0xfef96000 | 0xfef96fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fef99000 | 0xfef99000 | 0xfef9bfff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fef9c000 | 0xfef9c000 | 0xfef9efff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fef9f000 | 0xfef9f000 | 0xfef9ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fffe0000 | 0xfffe0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe:Zone.Identifier | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 |
Registry (3)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Control Panel\Mouse | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Mouse | value_name = SwapMouseButtons, data = 48 |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | os_pid = 0x73c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 |
Thread (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Context | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | os_tid = 0x700 |
|
1 | |
| Set Context | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | os_tid = 0x700 |
|
1 | |
| Resume | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | os_tid = 0x700 |
|
1 |
Memory (10)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0x400000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 217088 |
|
1 | |
| Protect | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0x400000, protection = PAGE_READONLY, size = 1024 |
|
1 | |
| Protect | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0x401000, protection = PAGE_EXECUTE_READ, size = 3885 |
|
1 | |
| Protect | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0x402000, protection = PAGE_READONLY, size = 1182 |
|
1 | |
| Protect | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0x403000, protection = PAGE_READWRITE, size = 820 |
|
1 | |
| Protect | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0x404000, protection = PAGE_READONLY, size = 194300 |
|
1 | |
| Protect | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0x434000, protection = PAGE_READONLY, size = 232 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0xffa53008, size = 4 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0x400000, size = 217088 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | address = 0xffa53008, size = 4 |
|
1 |
Module (100)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75260000 |
|
23 | |
| Load | C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe | base_address = 0xed0000 |
|
2 | |
| Load | Advapi32.dll | base_address = 0x76a10000 |
|
1 | |
| Load | kernel32 | base_address = 0x75260000 |
|
2 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75260000 |
|
1 | |
| Get Handle | mscoree.dll | - |
|
1 | |
| Get Filename | - | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe, size = 32767 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x7527a330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x7527f400 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x75277580 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x75279910 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x75286030 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventExW, address_out = 0x75285f90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x75285ff0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadStackGuarantee, address_out = 0x7527a5d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x7527a690 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x77cd40f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x77ccd630 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x77ccecf0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x75285720 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolWait, address_out = 0x77cce140 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x77cceb60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77d09990 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x77d05540 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x77cf9dc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalProcessorInformation, address_out = 0x7527a550 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x752a0a40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x74fa0790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnumSystemLocalesEx, address_out = 0x7527f8a0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringEx, address_out = 0x7527fa30 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDateFormatEx, address_out = 0x752a1030 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x7527a000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTimeFormatEx, address_out = 0x752a14b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultLocaleName, address_out = 0x7527a4f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsValidLocaleName, address_out = 0x752a16f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringEx, address_out = 0x75279970 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentPackageId, address_out = 0x74f23c90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount64, address_out = 0x75278710 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileInformationByHandleExW, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileInformationByHandleW, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x7527a410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | address_out = 0x7527ebb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7527eb90 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7527ebb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateMutexW, address_out = 0x75285fe0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x75272db0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindResourceW, address_out = 0x75283a50 |
|
4 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SizeofResource, address_out = 0x75278cb0 |
|
4 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadResource, address_out = 0x752778f0 |
|
4 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LockResource, address_out = 0x75277a50 |
|
4 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContext, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextA, address_out = 0x76a30c00 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptCreateHash, address_out = 0x76a2f930 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptHashData, address_out = 0x76a2f950 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x76a45b70 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyHash, address_out = 0x76a2fbf0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x76a310f0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x76a2fc10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x75278b70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x75278c70 |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | AutoIt v3 | class_name = AutoIt v3, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = edit, wndproc_parameter = 0 |
|
1 |
System (1574)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 750 milliseconds (0.750 seconds) |
|
49 | |
| Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1510 | |
| Get Time | type = System Time, time = 2019-01-08 09:25:42 (UTC) |
|
13 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Hardware Information |
|
1 |
Mutex (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = {ergvvsvfxlybedyahvxbrbqcraka} |
|
1 |
Environment (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 | |
| Get Environment String | name = USERPROFILE, result_out = C:\Users\CIiHmnxMn6Ps |
|
1 |
Debug (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | - |
|
1 |
Process #2: urkotu.exe
2136
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\ciihmnxmn6ps\desktop\urkotu.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:01, Reason: Child Process |
| Unmonitor | End Time: 00:02:16, Reason: Self Terminated |
| Monitor Duration | 00:00:15 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x73c |
| Parent PID | 0x858 (c:\users\ciihmnxmn6ps\desktop\urkotu.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
744
0x
40
0x
920
0x
B90
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000400000 | 0x00400000 | 0x00434fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e20000 | 0x00e20000 | 0x00e2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e33fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e41fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e50000 | 0x00e50000 | 0x00e63fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e70000 | 0x00e70000 | 0x00eaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000eb0000 | 0x00eb0000 | 0x00eb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ec0000 | 0x00ec0000 | 0x00ec1fff | Pagefile Backed Memory | r |
|
|
|
- |
| urkotu.exe | 0x00ed0000 | 0x01024fff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000001030000 | 0x01030000 | 0x0142ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001430000 | 0x01430000 | 0x01431fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x01440000 | 0x014fdfff | Memory Mapped File | r |
|
|
|
- |
| imm32.dll | 0x01500000 | 0x01529fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | rw |
|
|
|
- |
| sfc.dll | 0x01510000 | 0x01512fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001530000 | 0x01530000 | 0x0153ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001540000 | 0x01540000 | 0x0157ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001580000 | 0x01580000 | 0x015bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c5fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000015d0000 | 0x015d0000 | 0x015dcfff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000015e0000 | 0x015e0000 | 0x015effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f3fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001600000 | 0x01600000 | 0x01600fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001620000 | 0x01620000 | 0x0171ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001720000 | 0x01720000 | 0x0181ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001820000 | 0x01820000 | 0x019a7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000019b0000 | 0x019b0000 | 0x01b30fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001b40000 | 0x01b40000 | 0x02f3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| oleaut32.dll | 0x02f40000 | 0x02fd0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002f40000 | 0x02f40000 | 0x0303ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003040000 | 0x03040000 | 0x030fcfff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000003100000 | 0x03100000 | 0x03165fff | Private Memory | rwx |
|
|
|
- |
| sortdefault.nls | 0x03170000 | 0x034a6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000034b0000 | 0x034b0000 | 0x034effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000034f0000 | 0x034f0000 | 0x038effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000038f0000 | 0x038f0000 | 0x03a7ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000038f0000 | 0x038f0000 | 0x038f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003900000 | 0x03900000 | 0x03900fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000003910000 | 0x03910000 | 0x03910fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000003920000 | 0x03920000 | 0x03920fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000003930000 | 0x03930000 | 0x0393bfff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000003a70000 | 0x03a70000 | 0x03a7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003a80000 | 0x03a80000 | 0x03bdbfff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003a80000 | 0x03a80000 | 0x03bdafff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000003be0000 | 0x03be0000 | 0x03da3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| private_0x0000000003be0000 | 0x03be0000 | 0x03fb8fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000003fc0000 | 0x03fc0000 | 0x04397fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x74340000 | 0x74600fff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x74610000 | 0x74619fff | Memory Mapped File | rwx |
|
|
|
- |
| tapi3.dll | 0x74690000 | 0x74767fff | Memory Mapped File | rwx |
|
|
|
- |
| samlib.dll | 0x746c0000 | 0x746d2fff | Memory Mapped File | rwx |
|
|
|
- |
| dnsapi.dll | 0x746e0000 | 0x74763fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x74770000 | 0x74993fff | Memory Mapped File | rwx |
|
|
|
- |
| devrtl.dll | 0x749a0000 | 0x749aefff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x749b0000 | 0x749d7fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x749e0000 | 0x749f3fff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x74a00000 | 0x74b5ffff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x74b60000 | 0x74b7afff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x74b80000 | 0x74b89fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x74b90000 | 0x74b9ffff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x74ba0000 | 0x74bbbfff | Memory Mapped File | rwx |
|
|
|
- |
| netapi32.dll | 0x74bc0000 | 0x74bd2fff | Memory Mapped File | rwx |
|
|
|
- |
| sfc_os.dll | 0x74be0000 | 0x74beefff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x74bf0000 | 0x74bf7fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x75220000 | 0x75255fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x753b0000 | 0x753f3fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75430000 | 0x767eefff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x76810000 | 0x7681efff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x768b0000 | 0x76999fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x769b0000 | 0x76a0bfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76a10000 | 0x76a8afff | Memory Mapped File | rwx |
|
|
|
- |
| setupapi.dll | 0x76a90000 | 0x76c34fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x76d30000 | 0x76d3dfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x77290000 | 0x772d3fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77340000 | 0x773ccfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x773e0000 | 0x773e6fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x773f0000 | 0x778ccfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x77ab0000 | 0x77c24fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x77c30000 | 0x77c3bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| sysmain.sdb | 0xff590000 | 0xff91ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000ff92d000 | 0xff92d000 | 0xff92ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000ff930000 | 0xff930000 | 0xffa2ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000ffa30000 | 0xffa30000 | 0xffa52fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000ffa53000 | 0xffa53000 | 0xffa53fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ffa54000 | 0xffa54000 | 0xffa56fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ffa57000 | 0xffa57000 | 0xffa57fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ffa5a000 | 0xffa5a000 | 0xffa5cfff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ffa5d000 | 0xffa5d000 | 0xffa5ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fffe0000 | 0xfffe0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\ciihmnxmn6ps\desktop\urkotu.exe | 0x700 | address = 0x400000, size = 217088 |
|
1 | |
| Modify Memory | #1: c:\users\ciihmnxmn6ps\desktop\urkotu.exe | 0x700 | address = 0xffa53008, size = 4 |
|
1 | |
| Modify Control Flow | #1: c:\users\ciihmnxmn6ps\desktop\urkotu.exe | 0x700 | os_tid = 0x744, address = 0x77d0aef0 |
|
1 |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\ProgramData\Task Protect 2.3\kttkyovpa.txt | 0.00 KB |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3:: |
|
|
Host Behavior
File (39)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SysWOW64\tapi3.dll | desired_access = GENERIC_EXECUTE, GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SYSTEM32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\explorer.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\.\HGFS | desired_access = FILE_READ_DATA, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\.\VBoxGuest | desired_access = FILE_READ_DATA, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\ProgramData\Task Protect 2.3\kttkyovpa.txt | desired_access = FILE_WRITE_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | desired_access = FILE_READ_ATTRIBUTES, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\explorer.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create Directory | C:\ProgramData\Task Protect 2.3 | - |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86) | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\explorer.exe | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\explorer.exe | type = size |
|
1 | |
| Get Info | C:\ProgramData\Task Protect 2.3 | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\Task Protect 2.3 | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | type = size |
|
2 | |
| Get Info | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | type = size |
|
1 | |
| Get Info | C:\Windows\SysWOW64\explorer.exe | type = size |
|
1 | |
| Move | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | source_filename = C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_COPY_ALLOWED, MOVEFILE_WRITE_THROUGH |
|
1 | |
| Read | C:\Windows\SysWOW64\explorer.exe | size = 824, size_out = 824 |
|
1 | |
| Read | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | size = 1417944, size_out = 1417944 |
|
1 | |
| Read | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | size = 1417944, size_out = 1417944 |
|
1 | |
| Read | C:\Windows\SysWOW64\explorer.exe | size = 824, size_out = 824 |
|
1 | |
| Delete | C:\ProgramData\Task Protect 2.3\kttkyovpa.txt | - |
|
1 | |
| Delete | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe:Zone.Identifier | - |
|
1 |
Registry (1401)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\MyMailClient | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Google Updater | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ws97995e1qms.exe | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
9 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\00101CF2\fd01153281ab2 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Google Updater | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Win7zip | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Win7zip | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
5 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Networking | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Networking 4.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Data Provider for Oracle | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Data Provider for SqlServer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Memory Cache 4.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\1394ohci | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\3ware | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ACPI | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpiex | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpipagr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AcpiPmi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpitime | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AdobeARMservice | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADOVMPPackage | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADP80XX | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\adsi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\agp440 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ahcache | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AJRouter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ALG | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AmdK8 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AmdPPM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdsata | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdsbs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdxata | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppID | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Appinfo | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppMgmt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppReadiness | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppXSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\arcsas | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AsyncMac | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\atapi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AudioEndpointBuilder | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Audiosrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AxInstSV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\b06bdrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BasicDisplay | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BasicRender | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BattC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bcmfn2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BDESVC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Beep | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bowser | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BrokerInfrastructure | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthAvrcpTg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthHFEnum | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bthhfhid | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthHFSrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHMODEM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHPORT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bthserv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\buttonconverter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CapImg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdfs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CDPSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertPropSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\circlass | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CLFS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ClickToRunSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ClipSVC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v2.0.50727_32 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v2.0.50727_64 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v4.0.30319_32 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v4.0.30319_64 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmBatt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CNG | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cnghwassist | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CompositeBus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\COMSysApp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\condrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CoreMessagingRegistrar | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CoreUI | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\crypt32 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CryptSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CscService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dam | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DCLocator | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcomLaunch | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcpSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\defragsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DeviceAssociationService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DeviceInstall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DevQueryBroker | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dfsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\diagnosticshub.standardcollector.service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DiagTrack | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\disk | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DmEnrollmentSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dmvsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dmwappushservice | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dot3svc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DPS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkaud | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DsmSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DsSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DXGKrnl | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\e1iexpress | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Eaphost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ebdrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EhStorClass | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EhStorTcgDrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\embeddedmode | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EntAppSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ErrDev | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESENT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventSystem | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\exfat | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fastfat | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Fax | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fcvsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fdc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fdPHost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FDResPub | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fhsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FileCrypt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FileInfo | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Filetrace | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\flpydisk | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FontCache | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FontCache3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FsDepends | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Fs_Rec | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fvevol | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gagp30kx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gencounter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\genericusbfn | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\GPIOClx0101 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\GpuEnergyDrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdate | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdatem | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HdAudAddService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HDAudBus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidBatt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidBth | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hidi2c | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hidinterrupt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidIr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hidserv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidUsb | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HomeGroupListener | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HomeGroupProvider | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HpSAMD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hwpolicy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hyperkbd | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HyperVideo | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaLPSSi_GPIO | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaLPSSi_I2C | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorAV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ibbus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\icssvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IEEtwCollectorService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IKEEXT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\inetaccs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\intelide | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\intelpep | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\intelppm | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IoQos | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IpFilterDriver | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iphlpsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPMIDRV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPNAT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IRENUM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\isapnp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iScsiPrt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdclass | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdhid | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kdnic | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KSecDD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KSecPkg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ksthunk | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KtmRm | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ldap | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lfsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LicenseManager | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lltdio | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lltdsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lmhosts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Lsa | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SAS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SAS2i | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SAS3i | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SSS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\luafv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MapsBroker | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\megasas | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\megasr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mlx4_bus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MMCSS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Modem | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\monitor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mouclass | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mouhid | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mountmgr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MozillaMaintenance | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpsdrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb20 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsBridge | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSDTC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSDTC Bridge 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSDTC Bridge 4.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Msfs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msgpiowin32 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mshidkmdf | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mshidumdf | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msisadrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSiSCSI | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msiserver | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSKSSRV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsLldp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSPCLOCK | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSPQM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsRPC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSSCNTRS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mssmbios | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSTEE | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MTConfig | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Mup | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mvumis | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\napagent | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NativeWifiP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NcaSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NcbService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NcdAutoSetup | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndfltr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisCap | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisImPlatform | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisTapi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ndisuio | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisVirtualBus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisWan | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndiswanlegacy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndproxy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ndu | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetbiosSmb | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netman | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netprofm | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetSetupSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetTcpPortSharing | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netvsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NETVSCVFPP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NgcCtnrSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NgcSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Npfs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npsvctrig | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsiproxy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTFS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Null | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvraid | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvstor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nv_agp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\OneSyncSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\OneSyncSvc_Session1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ose64 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\p2pimsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\p2psvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Parport | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\partmgr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PcaSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pci | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pciide | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pcmcia | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pcw | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pdc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PEAUTH | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PeerDistSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\percsas2i | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\percsas3i | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfDisk | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfHost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfNet | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfOS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfProc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PimIndexMaintenanceSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PimIndexMaintenanceSvc_Session1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pla | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PlugPlay | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PNRPAutoReg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PNRPsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PortProxy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Power | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PptpMiniport | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PrintNotify | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Processor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProfSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Psched | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\QWAVE | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\QWAVEdrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAcd | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAgileVpn | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAuto | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Rasl2tp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasPppoe | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasSstp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Razerlow | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdbss | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDMANDK | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdpbus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDPDR | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDPNP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDPUDD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RdpVideoMiniport | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdyboost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ReFSv1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteRegistry | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RetailDemo | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcEptMapper | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcLocator | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rspndr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\s3cap | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamSs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sbp2port | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SCardSvr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ScDeviceEnum | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scfilter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SCPolicySvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sdbus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SDRSVC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sdstor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\seclogon | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SensorDataService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SensorService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SensrSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SerCx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SerCx2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serenum | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serial | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sermouse | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ServiceModelEndpoint 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ServiceModelOperation 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ServiceModelService 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SessionEnv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sfloppy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ShellHWDetection | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SiSRaid2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SiSRaid4 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\smphost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SmsRouter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SMSvcHost 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SMSvcHost 4.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMPTRAP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spaceport | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpbCx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Spooler | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sppsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srv2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srvnet | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StateRepository | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\stexstor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\stisvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storahci | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storflt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\stornvme | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storqosflt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StorSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storufs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storvsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\svsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\swenum | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\swprv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Synth3dVsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SysMain | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SystemEventsBroker | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TabletInputService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TapiSrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip6 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6TUNNEL | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpipreg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIPTUNNEL | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tdx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\terminpt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Themes | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tiledatamodelsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TimeBroker | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TPM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TrkWks | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TrustedInstaller | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TSDDD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TsUsbFlt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TsUsbGD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ws97995e1qms.exe | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = ProcessorNameString, data = Intel (R) Core(TM) i5-7500 CPU @ 3.40GHz, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductId, data = 00330-80107-01105-AA992, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 9b98592ad9d1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = af65e3d3b62960, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 5615404c6cc999b, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 0d12757fbbf3, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 0c5af5e4d37, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 5ffd897d923e, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 820ee8cfcabdd7fb1, type = REG_NONE |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Google Updater | value_name = LastUpdate, size = 16, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 66dfeeb3f4c63abca14, size = 4, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ws97995e1qms.exe | value_name = DisableExceptionChainValidation, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 9b98592ad9d1, size = 18, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = af65e3d3b62960, size = 4, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 5615404c6cc999b, size = 4, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 0d12757fbbf3, size = 4, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 0c5af5e4d37, size = 4, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 5ffd897d923e, size = 4, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 820ee8cfcabdd7fb1, size = 4, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = dca28b911c, size = 20, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 8014f07ffab8a0f657, size = 520, type = REG_BINARY |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Networking | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Networking 4.0.0.0 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Data Provider for Oracle | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Data Provider for SqlServer | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Memory Cache 4.0 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NETFramework | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\1394ohci | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\3ware | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ACPI | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpiex | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpipagr | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AcpiPmi | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpitime | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AdobeARMservice | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADOVMPPackage | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADP80XX | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\adsi | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\agp440 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ahcache | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AJRouter | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ALG | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AmdK8 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AmdPPM | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdsata | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdsbs | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdxata | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppID | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Appinfo | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppMgmt | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppReadiness | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppXSvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\arcsas | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AsyncMac | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\atapi | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AudioEndpointBuilder | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Audiosrv | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AxInstSV | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\b06bdrv | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BasicDisplay | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BasicRender | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BattC | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bcmfn2 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BDESVC | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Beep | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bowser | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BrokerInfrastructure | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthAvrcpTg | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthHFEnum | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bthhfhid | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthHFSrv | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHMODEM | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHPORT | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bthserv | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\buttonconverter | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CapImg | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdfs | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CDPSvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertPropSvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\circlass | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CLFS | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ClickToRunSvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ClipSVC | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v2.0.50727_32 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v2.0.50727_64 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v4.0.30319_32 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v4.0.30319_64 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmBatt | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CNG | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cnghwassist | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CompositeBus | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\COMSysApp | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\condrv | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CoreMessagingRegistrar | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CoreUI | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\crypt32 | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CryptSvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CscService | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dam | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DCLocator | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcomLaunch | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcpSvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\defragsvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DeviceAssociationService | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DeviceInstall | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DevQueryBroker | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dfsc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\diagnosticshub.standardcollector.service | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DiagTrack | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\disk | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DmEnrollmentSvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dmvsc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dmwappushservice | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dot3svc | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DPS | - |
|
1 | |
|
For performance reasons, the remaining 335 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (6)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SysWOW64\explorer.exe | os_pid = 0xbcc, creation_flags = CREATE_SUSPENDED, CREATE_DETACHED_PROCESS, CREATE_NORMAL_PRIORITY_CLASS, show_window = SW_HIDE |
|
1 | |
| Get Info | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | type = PROCESS_BASIC_INFORMATION |
|
2 | |
| Open | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
2 | |
| Resume | C:\Windows\SysWOW64\explorer.exe | - |
|
1 |
Thread (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Context | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | os_tid = 0x744 |
|
1 | |
| Resume | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | os_tid = 0x744 |
|
1 |
Memory (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\SysWOW64\explorer.exe | address = 0xdbd000, allocation_type = MEM_RESET_UNDO, protection_out = PAGE_EXECUTE_READ, size_out = 1220608 |
|
1 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 0xd20000, size = 512 |
|
1 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 0xd20000, size = 4026368 |
|
1 |
Module (162)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | user32.dll | base_address = 0x77150000 |
|
2 | |
| Load | secur32.dll | base_address = 0x74610000 |
|
2 | |
| Load | crypt32.dll | base_address = 0x77ab0000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x76a10000 |
|
2 | |
| Load | wininet.dll | base_address = 0x74770000 |
|
2 | |
| Load | shell32.dll | base_address = 0x75430000 |
|
2 | |
| Load | shlwapi.dll | base_address = 0x77290000 |
|
2 | |
| Load | ole32.dll | base_address = 0x768b0000 |
|
2 | |
| Load | version.dll | base_address = 0x74bf0000 |
|
2 | |
| Load | sfc.dll | base_address = 0x1510000 |
|
1 | |
| Load | sfc_os.dll | base_address = 0x74be0000 |
|
2 | |
| Load | ws2_32.dll | base_address = 0x769b0000 |
|
2 | |
| Load | Netapi32.dll | base_address = 0x74bc0000 |
|
2 | |
| Load | Urlmon.dll | base_address = 0x74a00000 |
|
2 | |
| Load | dnsapi.dll | base_address = 0x746e0000 |
|
1 | |
| Load | msvcrt.dll | base_address = 0x779f0000 |
|
3 | |
| Get Handle | private_0x0000000000400000 | base_address = 0x400000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77ca0000 |
|
19 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75260000 |
|
7 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x77150000 |
|
2 | |
| Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x76a10000 |
|
2 | |
| Get Handle | c:\windows\syswow64\urlmon.dll | base_address = 0x74a00000 |
|
2 | |
| Get Handle | c:\windows\syswow64\netapi32.dll | base_address = 0x74bc0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ole32.dll | base_address = 0x768b0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ws2_32.dll | base_address = 0x769b0000 |
|
3 | |
| Get Handle | c:\windows\syswow64\secur32.dll | base_address = 0x74610000 |
|
2 | |
| Get Handle | c:\windows\syswow64\sfc_os.dll | base_address = 0x74be0000 |
|
1 | |
| Get Handle | mscoree.dll | base_address = 0x0 |
|
2 | |
| Get Handle | avcuf32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | private_0x0000000003100000 | base_address = 0x3100000 |
|
2 | |
| Get Handle | c:\windows\syswow64\wininet.dll | base_address = 0x74770000 |
|
1 | |
| Get Handle | firefox.exe | base_address = 0x0 |
|
1 | |
| Get Handle | tbb-firefox.exe | base_address = 0x0 |
|
1 | |
| Get Handle | iexplore.exe | base_address = 0x0 |
|
1 | |
| Get Handle | chrome.exe | base_address = 0x0 |
|
1 | |
| Get Handle | chrome.dll | base_address = 0x0 |
|
1 | |
| Get Handle | ssleay32.dll | base_address = 0x0 |
|
1 | |
| Get Filename | - | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe, size = 259 |
|
1 | |
| Get Filename | avcuf32.dll | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe, size = 259 |
|
1 | |
| Get Filename | c:\windows\syswow64\ntdll.dll | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 259 |
|
1 | |
| Get Filename | ssleay32.dll | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, file_name_orig = C:, size = 3 |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = HeapSize, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = TryEnterCriticalSection, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = GetUserNameExW, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = CLSIDFromProgID, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = CLSIDFromString, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = CoCreateGuid, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = CoCreateInstance, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = CoInitializeEx, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = CoTaskMemAlloc, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = CoTaskMemFree, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = CoTaskMemRealloc, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = CoUninitialize, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = IIDFromString, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = ProgIDFromCLSID, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = StringFromGUID2, ordinal = 0, address_out = 0x142f574 |
|
1 | |
| Get Address | - | function = NtOpenKeyEx, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = NtCreateThreadEx, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = NtRemoveProcessDebug, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = KiFastSystemCall, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = KiIntSystemCall, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = CsrGetProcessId, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = RtlQueryEnvironmentVariable, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = RtlSetEnvironmentVar, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = RtlQueryEnvironmentVariable_U, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = RtlSetEnvironmentVariable, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = DbgBreakPoint, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = DbgUiConnectToDbg, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = DbgUiGetThreadDebugObject, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = DbgUiStopDebugging, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = wcsstr, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = GetProductInfo, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = GetMappedFileNameW, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = GetThreadId, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = InitializeProcThreadAttributeList, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = UpdateProcThreadAttribute, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = CreateProcessInternalW, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = ChangeWindowMessageFilter, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = CreateProcessWithTokenW, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = ObtainUserAgentString, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = URLDownloadToFileW, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = NetUserGetInfo, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = SHCreateItemFromParsingName, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = GetAddrInfoW, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = GetAddrInfoExW, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = EncryptMessage, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | - | function = SfcIsFileProtected, ordinal = 0, address_out = 0x142f53c |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlQueryElevationFlags, address_out = 0x77d04fe0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = K32GetMappedFileNameW, address_out = 0x752a18b0 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = wine_get_version, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = wine_get_unix_file_name, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = GetAddrInfoW, address_out = 0x769b9d90 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = GetAddrInfoExW, address_out = 0x769b6210 |
|
1 | |
| Create Mapping | C:\Windows\SysWOW64\tapi3.dll | filename = C:\Windows\SysWOW64\tapi3.dll, protection = PAGE_EXECUTE_READ, SEC_IMAGE, maximum_size = 0 |
|
1 | |
| Create Mapping | C:\Windows\SYSTEM32\ntdll.dll | filename = C:\Windows\SYSTEM32\ntdll.dll, protection = PAGE_READONLY, SEC_IMAGE, maximum_size = 0 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 21163572 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 21164376 |
|
1 | |
| Map | C:\Windows\SysWOW64\tapi3.dll | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | C:\Windows\SYSTEM32\ntdll.dll | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | - | process_name = C:\Windows\SysWOW64\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x5100000 |
|
1 | |
| Map | - | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x3be0000 |
|
1 | |
| Map | - | process_name = C:\Windows\SysWOW64\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0xd20000 |
|
1 | |
| Map | - | process_name = c:\users\ciihmnxmn6ps\desktop\urkotu.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x3fc0000 |
|
1 |
Keyboard (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 |
System (34)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 3500 milliseconds (3.500 seconds) |
|
2 | |
| Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Sleep | duration = 60 milliseconds (0.060 seconds) |
|
1 | |
| Sleep | duration = 156 milliseconds (0.156 seconds) |
|
1 | |
| Sleep | duration = 20 milliseconds (0.020 seconds) |
|
2 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Sleep | duration = 3500 milliseconds (3.500 seconds) |
|
1 | |
| Get Time | type = Ticks, time = 183750 |
|
3 | |
| Get Time | type = System Time, time = 2019-01-08 09:26:36 (UTC) |
|
2 | |
| Get Time | type = Ticks, time = 184062 |
|
1 | |
| Get Time | type = Ticks, time = 184265 |
|
1 | |
| Get Time | type = Ticks, time = 184484 |
|
1 | |
| Get Time | type = Ticks, time = 184875 |
|
1 | |
| Get Time | type = Ticks, time = 185187 |
|
2 | |
| Get Time | type = Ticks, time = 185234 |
|
1 | |
| Get Time | type = System Time, time = 2019-01-08 09:26:37 (UTC) |
|
1 | |
| Get Time | type = Local Time, time = 2019-01-08 20:26:37 (Local Time) |
|
1 | |
| Get Time | type = Ticks, time = 186250 |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 | |
| Get Info | type = Wow64 Directory, result_out = C:\Windows\SysWOW64 |
|
2 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Set Environment String | name = __compat_layer, value = RunAsInvoker |
|
1 |
Debug (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | - |
|
2 | |
| Hide | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | - |
|
1 |
Process #3: explorer.exe
3183
1
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\explorer.exe |
| Command Line | C:\Windows\SysWOW64\explorer.exe |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:10, Reason: Child Process |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:56 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbcc |
| Parent PID | 0x73c (c:\users\ciihmnxmn6ps\desktop\urkotu.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7A0
0x
A48
0x
A98
0x
928
0x
A9C
0x
A84
0x
A78
0x
A64
0x
9E4
0x
A08
0x
85C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000a60000 | 0x00a60000 | 0x00a7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000a60000 | 0x00a60000 | 0x00a6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a73fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a81fff | Private Memory | rw |
|
|
|
- |
| explorer.exe.mui | 0x00a80000 | 0x00a87fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000a90000 | 0x00a90000 | 0x00aa3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00aeffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000af0000 | 0x00af0000 | 0x00b2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000b30000 | 0x00b30000 | 0x00b33fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000b40000 | 0x00b40000 | 0x00b42fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b51fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00cbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d03fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d1ffff | Private Memory | rw |
|
|
|
- |
| explorer.exe | 0x00d20000 | 0x010f6fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000d20000 | 0x00d20000 | 0x010f7fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| pagefile_0x0000000001100000 | 0x01100000 | 0x050fffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x0000000005100000 | 0x05100000 | 0x052c3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| locale.nls | 0x052d0000 | 0x0538dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005390000 | 0x05390000 | 0x053cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000053d0000 | 0x053d0000 | 0x0540ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005410000 | 0x05410000 | 0x0544ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005450000 | 0x05450000 | 0x0548ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005490000 | 0x05490000 | 0x05490fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000005490000 | 0x05490000 | 0x05495fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000054a0000 | 0x054a0000 | 0x054acfff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x00000000054b0000 | 0x054b0000 | 0x054b0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000054c0000 | 0x054c0000 | 0x054c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000054d0000 | 0x054d0000 | 0x054dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000054e0000 | 0x054e0000 | 0x0551ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005520000 | 0x05520000 | 0x0555ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005560000 | 0x05560000 | 0x05560fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005570000 | 0x05570000 | 0x05570fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000005580000 | 0x05580000 | 0x05580fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000005590000 | 0x05590000 | 0x05590fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000055a0000 | 0x055a0000 | 0x055abfff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000055b0000 | 0x055b0000 | 0x055effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000055f0000 | 0x055f0000 | 0x055fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005600000 | 0x05600000 | 0x05787fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005790000 | 0x05790000 | 0x05910fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005920000 | 0x05920000 | 0x06d1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x06d20000 | 0x07056fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000007060000 | 0x07060000 | 0x0709ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000070a0000 | 0x070a0000 | 0x070dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000070e0000 | 0x070e0000 | 0x0711ffff | Private Memory | rw |
|
|
|
- |
| windowsshell.manifest | 0x07120000 | 0x07120fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000007120000 | 0x07120000 | 0x07120fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000007120000 | 0x07120000 | 0x07123fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000007130000 | 0x07130000 | 0x07131fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000007140000 | 0x07140000 | 0x071f7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000007200000 | 0x07200000 | 0x07203fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007210000 | 0x07210000 | 0x0721ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000007210000 | 0x07210000 | 0x07214fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000007210000 | 0x07210000 | 0x07217fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000007210000 | 0x07210000 | 0x07211fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000007220000 | 0x07220000 | 0x0731ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007320000 | 0x07320000 | 0x07333fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007320000 | 0x07320000 | 0x0735ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007360000 | 0x07360000 | 0x0739ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000073a0000 | 0x073a0000 | 0x07891fff | Pagefile Backed Memory | rw |
|
|
|
- |
| staticcache.dat | 0x078a0000 | 0x088dffff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000088e0000 | 0x088e0000 | 0x0891ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000008920000 | 0x08920000 | 0x0895ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000008960000 | 0x08960000 | 0x08973fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000008960000 | 0x08960000 | 0x0899ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000089a0000 | 0x089a0000 | 0x089dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000089e0000 | 0x089e0000 | 0x08ba3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| mswsock.dll | 0x73be0000 | 0x73c2dfff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x73c30000 | 0x73e38fff | Memory Mapped File | rwx |
|
|
|
- |
| sppc.dll | 0x73e40000 | 0x73e5cfff | Memory Mapped File | rwx |
|
|
|
- |
| dxgi.dll | 0x73e60000 | 0x73eddfff | Memory Mapped File | rwx |
|
|
|
- |
| slc.dll | 0x73ee0000 | 0x73f00fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x73f10000 | 0x73f28fff | Memory Mapped File | rwx |
|
|
|
- |
| dcomp.dll | 0x73f30000 | 0x73fcbfff | Memory Mapped File | rwx |
|
|
|
- |
| d3d11.dll | 0x73fd0000 | 0x741e2fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x741f0000 | 0x74331fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x74350000 | 0x74610fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.dll | 0x74620000 | 0x746b8fff | Memory Mapped File | rwx |
|
|
|
- |
| samlib.dll | 0x746c0000 | 0x746d2fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x746e0000 | 0x74707fff | Memory Mapped File | rwx |
|
|
|
- |
| sfc_os.dll | 0x74710000 | 0x7471efff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x74720000 | 0x74733fff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x74740000 | 0x7475afff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x74760000 | 0x74769fff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x74770000 | 0x7478bfff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x74790000 | 0x7479ffff | Memory Mapped File | rwx |
|
|
|
- |
| netapi32.dll | 0x747a0000 | 0x747b2fff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x747c0000 | 0x7491ffff | Memory Mapped File | rwx |
|
|
|
- |
| dnsapi.dll | 0x74920000 | 0x749a3fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x749b0000 | 0x749b7fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x749c0000 | 0x74be3fff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x74bf0000 | 0x74bf9fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x753b0000 | 0x753f3fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75430000 | 0x767eefff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x76810000 | 0x7681efff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x768b0000 | 0x76999fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x769b0000 | 0x76a0bfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76a10000 | 0x76a8afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76c90000 | 0x76d21fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x76d30000 | 0x76d3dfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x77290000 | 0x772d3fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77340000 | 0x773ccfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x773e0000 | 0x773e6fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x773f0000 | 0x778ccfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x77ab0000 | 0x77c24fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x77c30000 | 0x77c3bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ee0b000 | 0x7ee0b000 | 0x7ee0dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ee0e000 | 0x7ee0e000 | 0x7ee10fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ee11000 | 0x7ee11000 | 0x7ee13fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ee14000 | 0x7ee14000 | 0x7ee16fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ee17000 | 0x7ee17000 | 0x7ee19fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ee1a000 | 0x7ee1a000 | 0x7ee1cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ee1d000 | 0x7ee1d000 | 0x7ee1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007ee20000 | 0x7ee20000 | 0x7ef1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ef20000 | 0x7ef20000 | 0x7ef42fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ef45000 | 0x7ef45000 | 0x7ef47fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef48000 | 0x7ef48000 | 0x7ef4afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef4b000 | 0x7ef4b000 | 0x7ef4dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef4e000 | 0x7ef4e000 | 0x7ef4efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef4f000 | 0x7ef4f000 | 0x7ef4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8ee37ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8ee380000 | 0x7df8ee380000 | 0x7ff8ee37ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #2: c:\users\ciihmnxmn6ps\desktop\urkotu.exe | 0x744 | address = 0x5100000, size = 1851392 |
|
1 | |
| Modify Memory | #2: c:\users\ciihmnxmn6ps\desktop\urkotu.exe | 0x744 | address = 0xd20000, size = 4030464 |
|
1 |
Host Behavior
File (40)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SYSTEM32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\explorer.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\.\HGFS | desired_access = FILE_READ_DATA, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\.\VBoxGuest | desired_access = FILE_READ_DATA, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\11981D41.txt | desired_access = FILE_READ_DATA, FILE_READ_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | desired_access = DELETE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86) | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\explorer.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\SysWOW64\explorer.exe | type = size |
|
1 | |
| Get Info | C:\Windows\system32\drivers\vboxvideo.sys | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\drivers\vboxguest.sys | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\drivers\vmhgfs.sys | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\drivers\prl_boot.sys | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | type = file_attributes |
|
5 | |
| Get Info | C:\ComboFix | type = file_attributes |
|
1 | |
| Get Info | C:\LinhaDefensiva | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp\HouseCall | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\jagexcache | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\.minecraft | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\League of Legends | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe.manifest | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe.config | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe | type = size |
|
1 | |
| Read | C:\Windows\SysWOW64\explorer.exe | size = 824, size_out = 824 |
|
1 | |
| Delete | C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe:Zone.Identifier | - |
|
1 |
Registry (1565)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\MyMailClient | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | - |
|
2 | |
| Create Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\322f798102854 | - |
|
2 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\117ce5fb8f9407ebb4 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
2 | |
| Create Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Networking | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Networking 4.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Data Provider for Oracle | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Data Provider for SqlServer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Memory Cache 4.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\1394ohci | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\3ware | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ACPI | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpiex | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpipagr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AcpiPmi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpitime | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AdobeARMservice | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADOVMPPackage | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADP80XX | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\adsi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\agp440 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ahcache | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AJRouter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ALG | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AmdK8 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AmdPPM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdsata | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdsbs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdxata | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppID | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Appinfo | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppMgmt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppReadiness | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppXSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\arcsas | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AsyncMac | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\atapi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AudioEndpointBuilder | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Audiosrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AxInstSV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\b06bdrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BasicDisplay | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BasicRender | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BattC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bcmfn2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BDESVC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Beep | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bowser | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BrokerInfrastructure | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthAvrcpTg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthHFEnum | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bthhfhid | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthHFSrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHMODEM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHPORT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bthserv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\buttonconverter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CapImg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdfs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CDPSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertPropSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\circlass | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CLFS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ClickToRunSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ClipSVC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v2.0.50727_32 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v2.0.50727_64 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v4.0.30319_32 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v4.0.30319_64 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmBatt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CNG | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cnghwassist | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CompositeBus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\COMSysApp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\condrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CoreMessagingRegistrar | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CoreUI | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\crypt32 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CryptSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CscService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dam | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DCLocator | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcomLaunch | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcpSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\defragsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DeviceAssociationService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DeviceInstall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DevQueryBroker | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dfsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\diagnosticshub.standardcollector.service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DiagTrack | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\disk | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DmEnrollmentSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dmvsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dmwappushservice | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dot3svc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DPS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkaud | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DsmSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DsSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DXGKrnl | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\e1iexpress | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Eaphost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ebdrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EhStorClass | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EhStorTcgDrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\embeddedmode | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EntAppSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ErrDev | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESENT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventSystem | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\exfat | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fastfat | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Fax | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fcvsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fdc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fdPHost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FDResPub | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fhsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FileCrypt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FileInfo | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Filetrace | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\flpydisk | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FontCache | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FontCache3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FsDepends | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Fs_Rec | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fvevol | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gagp30kx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gencounter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\genericusbfn | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\GPIOClx0101 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\GpuEnergyDrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdate | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdatem | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HdAudAddService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HDAudBus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidBatt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidBth | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hidi2c | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hidinterrupt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidIr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hidserv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidUsb | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HomeGroupListener | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HomeGroupProvider | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HpSAMD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hwpolicy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hyperkbd | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HyperVideo | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaLPSSi_GPIO | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaLPSSi_I2C | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorAV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ibbus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\icssvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IEEtwCollectorService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IKEEXT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\inetaccs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\intelide | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\intelpep | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\intelppm | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IoQos | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IpFilterDriver | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iphlpsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPMIDRV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPNAT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IRENUM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\isapnp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iScsiPrt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdclass | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdhid | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kdnic | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KSecDD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KSecPkg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ksthunk | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KtmRm | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ldap | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lfsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LicenseManager | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lltdio | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lltdsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lmhosts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Lsa | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SAS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SAS2i | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SAS3i | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SSS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\luafv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MapsBroker | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\megasas | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\megasr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mlx4_bus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MMCSS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Modem | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\monitor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mouclass | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mouhid | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mountmgr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MozillaMaintenance | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpsdrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb20 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsBridge | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSDTC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSDTC Bridge 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSDTC Bridge 4.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Msfs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msgpiowin32 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mshidkmdf | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mshidumdf | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msisadrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSiSCSI | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msiserver | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSKSSRV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsLldp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSPCLOCK | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSPQM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsRPC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSSCNTRS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mssmbios | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSTEE | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MTConfig | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Mup | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mvumis | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\napagent | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NativeWifiP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NcaSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NcbService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NcdAutoSetup | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndfltr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisCap | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisImPlatform | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisTapi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ndisuio | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisVirtualBus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisWan | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndiswanlegacy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndproxy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ndu | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetbiosSmb | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netman | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netprofm | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetSetupSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetTcpPortSharing | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netvsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NETVSCVFPP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NgcCtnrSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NgcSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Npfs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npsvctrig | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsiproxy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTFS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Null | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvraid | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvstor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nv_agp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\OneSyncSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\OneSyncSvc_Session1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ose64 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\p2pimsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\p2psvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Parport | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\partmgr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PcaSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pci | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pciide | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pcmcia | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pcw | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pdc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PEAUTH | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PeerDistSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\percsas2i | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\percsas3i | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfDisk | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfHost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfNet | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfOS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfProc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PimIndexMaintenanceSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PimIndexMaintenanceSvc_Session1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pla | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PlugPlay | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PNRPAutoReg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PNRPsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PortProxy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Power | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PptpMiniport | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PrintNotify | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Processor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProfSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Psched | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\QWAVE | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\QWAVEdrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAcd | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAgileVpn | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAuto | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Rasl2tp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasPppoe | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasSstp | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Razerlow | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdbss | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDMANDK | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdpbus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDPDR | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDPNP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDPUDD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RdpVideoMiniport | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdyboost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ReFSv1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteRegistry | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RetailDemo | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcEptMapper | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcLocator | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rspndr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\s3cap | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamSs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sbp2port | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SCardSvr | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ScDeviceEnum | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scfilter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SCPolicySvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sdbus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SDRSVC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sdstor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\seclogon | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SensorDataService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SensorService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SensrSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SerCx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SerCx2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serenum | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serial | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sermouse | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ServiceModelEndpoint 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ServiceModelOperation 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ServiceModelService 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SessionEnv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sfloppy | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ShellHWDetection | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SiSRaid2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SiSRaid4 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\smphost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SmsRouter | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SMSvcHost 3.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SMSvcHost 4.0.0.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMPTRAP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spaceport | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpbCx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Spooler | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sppsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srv2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srvnet | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StateRepository | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\stexstor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\stisvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storahci | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storflt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\stornvme | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storqosflt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StorSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storufs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storvsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\svsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\swenum | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\swprv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Synth3dVsc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SysMain | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SystemEventsBroker | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TabletInputService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TapiSrv | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip6 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6TUNNEL | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpipreg | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIPTUNNEL | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tdx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\terminpt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Themes | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tiledatamodelsvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TimeBroker | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TPM | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TrkWks | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TrustedInstaller | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TSDDD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TsUsbFlt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TsUsbGD | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tunnel | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\uagp35 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UASPStor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UcmCx0101 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UcmUcsi | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ucx01000 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UdeCx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\udfs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UEFI | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ufx01000 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UfxChipidea | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ufxsynopsys | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UGatherer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UGTHRSVC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UI0Detect | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\uliagpkx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\umbus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UmPass | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UmRdpService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UnistoreSvc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UnistoreSvc_Session1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\upnphost | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UrsChipidea | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UrsCx01000 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\HTTP\shell\open\command | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\jarfile\shell\open\command | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Valve\Steam | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dg_ssudbus | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Apple Mobile Device | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\AdwCleaner | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Spybot - Search & Destroy 2 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TrendMicro\HijackThis | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RapportMgmtService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\origin | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Blizzard Entertainment | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Skype | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\VisualStudio | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\VMware, Inc. | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\5559d2db9daca3e4ef7 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\InstalledApps | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NAV | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NIS | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\N360 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ws97995e1qms.exe | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = eb57aba56f848, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 053351c4408b7c813, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 7f9ca0f406c3b226, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = ProcessorNameString, data = Intel (R) Core(TM) i5-7500 CPU @ 3.40GHz, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductId, data = 00330-80107-01105-AA992, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = cb7bbbee06636e5, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 02693813c9e94ded, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS | value_name = SystemManufacturer, data = "ECS", type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System | value_name = SystemBiosVersion, data = 11727880, type = REG_MULTI_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = cb7bbbee06636e5, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = ee74df3587, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 41f5ddd483f58, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | value_name = Task Protect 2.3, data = C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Task Protect 2.3, data = "C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe", type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\HTTP\shell\open\command | data = "C:\Program Files\Internet Explorer\iexplore.exe" %1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | value_name = Isolation, data = PMIL, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = d6a1c812c2, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | value_name = Task Protect 2.3, data = C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Task Protect 2.3, data = "C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe", type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = d4241b38e93732569, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = af65e3d3b62960, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = 511df58c43fc0, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ws97995e1qms.exe | value_name = Debugger, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | value_name = Task Protect 2.3, data = C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe, type = REG_SZ |
|
2 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Task Protect 2.3, data = "C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe", type = REG_SZ |
|
2 | |
| Write Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | value_name = EnableFirewall, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile | value_name = EnableFirewall, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | value_name = Task Protect 2.3, data = C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe, size = 98, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Task Protect 2.3, data = "C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe", size = 102, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe | value_name = Debugger, data = plybkq.exe, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 | value_name = 2500, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 | value_name = 2500, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 | value_name = 2500, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 | value_name = 2500, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | value_name = Isolation, data = PMIL, size = 10, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | value_name = NoProtectedModeBanner, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | value_name = Task Protect 2.3, data = C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe, size = 98, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Task Protect 2.3, data = "C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe", size = 102, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\322f798102854 | value_name = d14736f3a3af25, size = 16, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 | value_name = d4241b38e93732569, size = 4, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | value_name = Task Protect 2.3, data = C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe, size = 98, type = REG_SZ |
|
2 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Task Protect 2.3, data = "C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe", size = 102, type = REG_SZ |
|
2 | |
| Delete Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\CW1 | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP | - |
|
1 | |
|
For performance reasons, the remaining 484 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (216)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | c:\windows\syswow64\explorer.exe | type = PROCESS_BASIC_INFORMATION |
|
2 | |
| Get Info | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\windows\system32\dwm.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\windows\system32\sihost.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\windows\system32\taskhostw.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\windows\explorer.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\windows\system32\runtimebroker.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\windows portable devices\uni.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\windows portable devices\uni.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files\windows portable devices\uni.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files\windows portable devices\uni.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\windows portable devices\uni.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\windows\explorer.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
5 | |
| Get Info | c:\program files\internet explorer\ten.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\ten.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files\internet explorer\ten.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files\internet explorer\ten.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\ten.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\windows\explorer.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
7 | |
| Get Info | c:\program files (x86)\windows multimedia platform\gp-blank.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\windows multimedia platform\gp-blank.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\windows multimedia platform\gp-blank.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\windows multimedia platform\gp-blank.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\windows multimedia platform\gp-blank.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\windows\explorer.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
6 | |
| Get Info | c:\program files (x86)\common files\engagement cologne.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\common files\engagement cologne.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\common files\engagement cologne.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\common files\engagement cologne.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\common files\engagement cologne.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\cambridge.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\cambridge.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\cambridge.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\cambridge.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\cambridge.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files\msbuild\amateur-dishes.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\msbuild\amateur-dishes.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files\msbuild\amateur-dishes.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files\msbuild\amateur-dishes.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\msbuild\amateur-dishes.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\windows\system32\backgroundtaskhost.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\reference assemblies\science old.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\reference assemblies\science old.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\reference assemblies\science old.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\reference assemblies\science old.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\reference assemblies\science old.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files (x86)\windowspowershell\handling investing experimental.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\windowspowershell\handling investing experimental.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\windowspowershell\handling investing experimental.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\windowspowershell\handling investing experimental.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\windowspowershell\handling investing experimental.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files (x86)\common files\rangestremendous.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\common files\rangestremendous.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\common files\rangestremendous.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\common files\rangestremendous.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\common files\rangestremendous.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files\windows sidebar\batteries_dirty.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\windows sidebar\batteries_dirty.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files\windows sidebar\batteries_dirty.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files\windows sidebar\batteries_dirty.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\windows sidebar\batteries_dirty.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files\windows portable devices\disorder.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\windows portable devices\disorder.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files\windows portable devices\disorder.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files\windows portable devices\disorder.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\windows portable devices\disorder.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files (x86)\mozilla maintenance service\solo.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\mozilla maintenance service\solo.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\mozilla maintenance service\solo.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\mozilla maintenance service\solo.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\mozilla maintenance service\solo.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files\java\likes skiing.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\java\likes skiing.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files\java\likes skiing.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files\java\likes skiing.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\java\likes skiing.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files\windows sidebar\touringcontinuedrussia.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\windows sidebar\touringcontinuedrussia.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files\windows sidebar\touringcontinuedrussia.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files\windows sidebar\touringcontinuedrussia.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\windows sidebar\touringcontinuedrussia.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files\common files\matching.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\common files\matching.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files\common files\matching.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files\common files\matching.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\common files\matching.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files\uninstall information\readingsunto.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files\uninstall information\readingsunto.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files\uninstall information\readingsunto.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files\uninstall information\readingsunto.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\uninstall information\readingsunto.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\windows\explorer.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\program files (x86)\microsoft.net\colininstallations.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\microsoft.net\colininstallations.exe | type = PROCESS_HANDLE_COUNT |
|
1 | |
| Get Info | c:\program files (x86)\microsoft.net\colininstallations.exe | type = PROCESS_TIMES |
|
1 | |
| Get Info | c:\program files (x86)\microsoft.net\colininstallations.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files (x86)\microsoft.net\colininstallations.exe | type = PROCESS_IMAGE_FILE_NAME_WIN_32 |
|
1 | |
| Get Info | c:\windows\system32\taskhostw.exe | type = PROCESS_WOW64_INFORMATION |
|
1 | |
| Open | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\ciihmnxmn6ps\desktop\urkotu.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = WRITE_DAC |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sihost.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sihost.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
7 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\runtimebroker.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\runtimebroker.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\uni.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\uni.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
5 | |
| Open | c:\program files\internet explorer\ten.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\ten.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
7 | |
| Open | c:\program files (x86)\windows multimedia platform\gp-blank.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\windows multimedia platform\gp-blank.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\common files\engagement cologne.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\common files\engagement cologne.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\internet explorer\cambridge.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\internet explorer\cambridge.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\msbuild\amateur-dishes.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\msbuild\amateur-dishes.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\backgroundtaskhost.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\backgroundtaskhost.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\science old.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\science old.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\windowspowershell\handling investing experimental.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\windowspowershell\handling investing experimental.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\common files\rangestremendous.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\common files\rangestremendous.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\batteries_dirty.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\batteries_dirty.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\disorder.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\disorder.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\mozilla maintenance service\solo.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\mozilla maintenance service\solo.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\java\likes skiing.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\java\likes skiing.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\touringcontinuedrussia.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\touringcontinuedrussia.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\common files\matching.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\common files\matching.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\readingsunto.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\readingsunto.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\microsoft.net\colininstallations.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\microsoft.net\colininstallations.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = WRITE_DAC |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 |
Memory (114)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Protect | c:\program files\windows portable devices\uni.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\windows portable devices\uni.exe | address = 0x26220c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\internet explorer\ten.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\internet explorer\ten.exe | address = 0x21420c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\windows multimedia platform\gp-blank.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\windows multimedia platform\gp-blank.exe | address = 0x2f120c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\common files\engagement cologne.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\common files\engagement cologne.exe | address = 0x28220c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\internet explorer\cambridge.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\internet explorer\cambridge.exe | address = 0x29c20c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\msbuild\amateur-dishes.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\msbuild\amateur-dishes.exe | address = 0x2fa20c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\reference assemblies\science old.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\reference assemblies\science old.exe | address = 0x2f820c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\windowspowershell\handling investing experimental.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\windowspowershell\handling investing experimental.exe | address = 0x22220c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | address = 0x2de20c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\common files\rangestremendous.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\common files\rangestremendous.exe | address = 0x2f420c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | address = 0x27420c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\windows sidebar\batteries_dirty.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\windows sidebar\batteries_dirty.exe | address = 0x23420c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\windows portable devices\disorder.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\windows portable devices\disorder.exe | address = 0x25a20c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\mozilla maintenance service\solo.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\mozilla maintenance service\solo.exe | address = 0x20c20c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\java\likes skiing.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\java\likes skiing.exe | address = 0x29820c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\windows sidebar\touringcontinuedrussia.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\windows sidebar\touringcontinuedrussia.exe | address = 0x30820c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\common files\matching.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\common files\matching.exe | address = 0x2ca20c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\uninstall information\readingsunto.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files\uninstall information\readingsunto.exe | address = 0x28a20c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\microsoft.net\colininstallations.exe | address = 0x77cdc700, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Protect | c:\program files (x86)\microsoft.net\colininstallations.exe | address = 0x28c20c7, protection = PAGE_EXECUTE_READWRITE, size = 144043932 |
|
1 | |
| Read | c:\program files\windows portable devices\uni.exe | address = 0x7f43f008, size = 4 |
|
1 | |
| Read | c:\program files\windows portable devices\uni.exe | address = 0x1040000, size = 824 |
|
1 | |
| Read | c:\program files\internet explorer\ten.exe | address = 0x7e3ff008, size = 4 |
|
1 | |
| Read | c:\program files\internet explorer\ten.exe | address = 0xa60000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\windows multimedia platform\gp-blank.exe | address = 0x7eb84008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\windows multimedia platform\gp-blank.exe | address = 0x1050000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\common files\engagement cologne.exe | address = 0x7f364008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\common files\engagement cologne.exe | address = 0x940000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\internet explorer\cambridge.exe | address = 0x7f1ea008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\internet explorer\cambridge.exe | address = 0x8d0000, size = 824 |
|
1 | |
| Read | c:\program files\msbuild\amateur-dishes.exe | address = 0x7e6c9008, size = 4 |
|
1 | |
| Read | c:\program files\msbuild\amateur-dishes.exe | address = 0x250000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\reference assemblies\science old.exe | address = 0x7f774008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\reference assemblies\science old.exe | address = 0x230000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\windowspowershell\handling investing experimental.exe | address = 0x7f9a3008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\windowspowershell\handling investing experimental.exe | address = 0x3f0000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | address = 0x7e8bc008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | address = 0x13e0000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\common files\rangestremendous.exe | address = 0x7ec87008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\common files\rangestremendous.exe | address = 0xe80000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | address = 0x7ee5f008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | address = 0xa60000, size = 824 |
|
1 | |
| Read | c:\program files\windows sidebar\batteries_dirty.exe | address = 0x7e7c5008, size = 4 |
|
1 | |
| Read | c:\program files\windows sidebar\batteries_dirty.exe | address = 0xc60000, size = 824 |
|
1 | |
| Read | c:\program files\windows portable devices\disorder.exe | address = 0x7f73b008, size = 4 |
|
1 | |
| Read | c:\program files\windows portable devices\disorder.exe | address = 0x1b0000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\mozilla maintenance service\solo.exe | address = 0x7f64a008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\mozilla maintenance service\solo.exe | address = 0x80000, size = 824 |
|
1 | |
| Read | c:\program files\java\likes skiing.exe | address = 0x7f554008, size = 4 |
|
1 | |
| Read | c:\program files\java\likes skiing.exe | address = 0x13a0000, size = 824 |
|
1 | |
| Read | c:\program files\windows sidebar\touringcontinuedrussia.exe | address = 0x7ed9f008, size = 4 |
|
1 | |
| Read | c:\program files\windows sidebar\touringcontinuedrussia.exe | address = 0x12b0000, size = 824 |
|
1 | |
| Read | c:\program files\common files\matching.exe | address = 0x7edd8008, size = 4 |
|
1 | |
| Read | c:\program files\common files\matching.exe | address = 0x850000, size = 824 |
|
1 | |
| Read | c:\program files\uninstall information\readingsunto.exe | address = 0x7eec7008, size = 4 |
|
1 | |
| Read | c:\program files\uninstall information\readingsunto.exe | address = 0x360000, size = 824 |
|
1 | |
| Read | c:\program files (x86)\microsoft.net\colininstallations.exe | address = 0x7ef65008, size = 4 |
|
1 | |
| Read | c:\program files (x86)\microsoft.net\colininstallations.exe | address = 0xfe0000, size = 824 |
|
1 | |
| Write | c:\program files\windows portable devices\uni.exe | address = 0x26220c7, size = 58 |
|
1 | |
| Write | c:\program files\windows portable devices\uni.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files\internet explorer\ten.exe | address = 0x21420c7, size = 58 |
|
1 | |
| Write | c:\program files\internet explorer\ten.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\windows multimedia platform\gp-blank.exe | address = 0x2f120c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\windows multimedia platform\gp-blank.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\common files\engagement cologne.exe | address = 0x28220c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\common files\engagement cologne.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\internet explorer\cambridge.exe | address = 0x29c20c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\internet explorer\cambridge.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files\msbuild\amateur-dishes.exe | address = 0x2fa20c7, size = 58 |
|
1 | |
| Write | c:\program files\msbuild\amateur-dishes.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\reference assemblies\science old.exe | address = 0x2f820c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\reference assemblies\science old.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\windowspowershell\handling investing experimental.exe | address = 0x22220c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\windowspowershell\handling investing experimental.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | address = 0x2de20c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\common files\rangestremendous.exe | address = 0x2f420c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\common files\rangestremendous.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | address = 0x27420c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files\windows sidebar\batteries_dirty.exe | address = 0x23420c7, size = 58 |
|
1 | |
| Write | c:\program files\windows sidebar\batteries_dirty.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files\windows portable devices\disorder.exe | address = 0x25a20c7, size = 58 |
|
1 | |
| Write | c:\program files\windows portable devices\disorder.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\mozilla maintenance service\solo.exe | address = 0x20c20c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\mozilla maintenance service\solo.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files\java\likes skiing.exe | address = 0x29820c7, size = 58 |
|
1 | |
| Write | c:\program files\java\likes skiing.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files\windows sidebar\touringcontinuedrussia.exe | address = 0x30820c7, size = 58 |
|
1 | |
| Write | c:\program files\windows sidebar\touringcontinuedrussia.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files\common files\matching.exe | address = 0x2ca20c7, size = 58 |
|
1 | |
| Write | c:\program files\common files\matching.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files\uninstall information\readingsunto.exe | address = 0x28a20c7, size = 58 |
|
1 | |
| Write | c:\program files\uninstall information\readingsunto.exe | address = 0x77cdc700, size = 6 |
|
1 | |
| Write | c:\program files (x86)\microsoft.net\colininstallations.exe | address = 0x28c20c7, size = 58 |
|
1 | |
| Write | c:\program files (x86)\microsoft.net\colininstallations.exe | address = 0x77cdc700, size = 6 |
|
1 |
Module (196)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | secur32.dll | base_address = 0x74bf0000 |
|
1 | |
| Load | crypt32.dll | base_address = 0x77ab0000 |
|
1 | |
| Load | user32.dll | base_address = 0x77150000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x76a10000 |
|
1 | |
| Load | wininet.dll | base_address = 0x749c0000 |
|
1 | |
| Load | shell32.dll | base_address = 0x75430000 |
|
1 | |
| Load | shlwapi.dll | base_address = 0x77290000 |
|
1 | |
| Load | ole32.dll | base_address = 0x768b0000 |
|
1 | |
| Load | version.dll | base_address = 0x749b0000 |
|
1 | |
| Load | dnsapi.dll | base_address = 0x74920000 |
|
1 | |
| Load | ws2_32.dll | base_address = 0x769b0000 |
|
1 | |
| Load | Urlmon.dll | base_address = 0x747c0000 |
|
1 | |
| Load | Netapi32.dll | base_address = 0x747a0000 |
|
1 | |
| Load | sfc_os.dll | base_address = 0x74710000 |
|
1 | |
| Load | msvcrt.dll | base_address = 0x779f0000 |
|
3 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77ca0000 |
|
19 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75260000 |
|
7 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x77150000 |
|
2 | |
| Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x76a10000 |
|
2 | |
| Get Handle | c:\windows\syswow64\urlmon.dll | base_address = 0x747c0000 |
|
2 | |
| Get Handle | c:\windows\syswow64\netapi32.dll | base_address = 0x747a0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ole32.dll | base_address = 0x768b0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ws2_32.dll | base_address = 0x769b0000 |
|
3 | |
| Get Handle | c:\windows\syswow64\secur32.dll | base_address = 0x74bf0000 |
|
2 | |
| Get Handle | c:\windows\syswow64\sfc_os.dll | base_address = 0x74710000 |
|
1 | |
| Get Handle | mscoree.dll | base_address = 0x0 |
|
2 | |
| Get Handle | avcuf32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\wininet.dll | base_address = 0x749c0000 |
|
1 | |
| Get Handle | firefox.exe | base_address = 0x0 |
|
1 | |
| Get Handle | tbb-firefox.exe | base_address = 0x0 |
|
1 | |
| Get Handle | iexplore.exe | base_address = 0x0 |
|
1 | |
| Get Handle | chrome.exe | base_address = 0x0 |
|
1 | |
| Get Handle | chrome.dll | base_address = 0x0 |
|
1 | |
| Get Handle | ssleay32.dll | base_address = 0x0 |
|
1 | |
| Get Handle | c:\windows\syswow64\explorer.exe | base_address = 0xd20000 |
|
3 | |
| Get Filename | - | process_name = c:\windows\syswow64\explorer.exe, file_name_orig = C:\Windows\SysWOW64\explorer.exe, size = 259 |
|
1 | |
| Get Filename | avcuf32.dll | process_name = c:\windows\syswow64\explorer.exe, file_name_orig = C:\Windows\SysWOW64\explorer.exe, size = 259 |
|
1 | |
| Get Filename | c:\windows\syswow64\ntdll.dll | process_name = c:\windows\syswow64\explorer.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 259 |
|
1 | |
| Get Filename | c:\windows\syswow64\explorer.exe | process_name = c:\windows\syswow64\explorer.exe, file_name_orig = C:\Windows\SysWOW64\explorer.exe, size = 259 |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = HeapSize, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = TryEnterCriticalSection, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = GetUserNameExW, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = CLSIDFromProgID, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = CLSIDFromString, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = CoCreateGuid, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = CoCreateInstance, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = CoInitializeEx, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = CoTaskMemAlloc, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = CoTaskMemFree, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = CoTaskMemRealloc, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = CoUninitialize, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = IIDFromString, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = ProgIDFromCLSID, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = StringFromGUID2, ordinal = 0, address_out = 0xb2f314 |
|
1 | |
| Get Address | - | function = NtOpenKeyEx, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = NtCreateThreadEx, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = NtRemoveProcessDebug, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = KiFastSystemCall, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = KiIntSystemCall, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = CsrGetProcessId, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = RtlQueryEnvironmentVariable, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = RtlSetEnvironmentVar, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = RtlQueryEnvironmentVariable_U, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = RtlSetEnvironmentVariable, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = DbgBreakPoint, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = DbgUiConnectToDbg, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = DbgUiGetThreadDebugObject, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = DbgUiStopDebugging, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = wcsstr, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = GetProductInfo, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = GetMappedFileNameW, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = GetThreadId, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = InitializeProcThreadAttributeList, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = UpdateProcThreadAttribute, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = CreateProcessInternalW, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = ChangeWindowMessageFilter, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = CreateProcessWithTokenW, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = ObtainUserAgentString, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = URLDownloadToFileW, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = NetUserGetInfo, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = SHCreateItemFromParsingName, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = GetAddrInfoW, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = GetAddrInfoExW, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = EncryptMessage, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | - | function = SfcIsFileProtected, ordinal = 0, address_out = 0xb2f2dc |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlQueryElevationFlags, address_out = 0x77d04fe0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = K32GetMappedFileNameW, address_out = 0x752a18b0 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = wine_get_version, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = wine_get_unix_file_name, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = GetAddrInfoW, address_out = 0x769b9d90 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = GetAddrInfoExW, address_out = 0x769b6210 |
|
1 | |
| Create Mapping | C:\Windows\SYSTEM32\ntdll.dll | filename = C:\Windows\SYSTEM32\ntdll.dll, protection = PAGE_READONLY, SEC_IMAGE, maximum_size = 0 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 144044020 |
|
5 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 144044020 |
|
7 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 144044020 |
|
6 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 144044020 |
|
1 | |
| Map | C:\Windows\SYSTEM32\ntdll.dll | process_name = c:\windows\syswow64\explorer.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | - | process_name = c:\program files\windows portable devices\uni.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2460000 |
|
1 | |
| Map | - | process_name = c:\windows\syswow64\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x89e0000 |
|
5 | |
| Map | - | process_name = c:\program files\internet explorer\ten.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x1f80000 |
|
1 | |
| Map | - | process_name = c:\windows\syswow64\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x89e0000 |
|
7 | |
| Map | - | process_name = c:\program files (x86)\windows multimedia platform\gp-blank.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2d50000 |
|
1 | |
| Map | - | process_name = c:\windows\syswow64\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x89e0000 |
|
6 | |
| Map | - | process_name = c:\program files (x86)\common files\engagement cologne.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2660000 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\internet explorer\cambridge.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2800000 |
|
1 | |
| Map | - | process_name = c:\program files\msbuild\amateur-dishes.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2de0000 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\reference assemblies\science old.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2dc0000 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\windowspowershell\handling investing experimental.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2060000 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2c20000 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\common files\rangestremendous.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2d80000 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2580000 |
|
1 | |
| Map | - | process_name = c:\program files\windows sidebar\batteries_dirty.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2180000 |
|
1 | |
| Map | - | process_name = c:\program files\windows portable devices\disorder.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x23e0000 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\mozilla maintenance service\solo.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x1f00000 |
|
1 | |
| Map | - | process_name = c:\program files\java\likes skiing.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x27c0000 |
|
1 | |
| Map | - | process_name = c:\program files\windows sidebar\touringcontinuedrussia.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2ec0000 |
|
1 | |
| Map | - | process_name = c:\program files\common files\matching.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2ae0000 |
|
1 | |
| Map | - | process_name = c:\program files\uninstall information\readingsunto.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x26e0000 |
|
1 | |
| Map | - | process_name = c:\windows\syswow64\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x89e0000 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\microsoft.net\colininstallations.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2700000 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SSDPSRV |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Set Config | service_name = SSDPSRV |
|
1 |
Window (3)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | 11980343D2CA4DEF | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | 11980343D2CA4DEF | class_name = tooltips_class32, index = 18446744073709551612, new_long = 85210312 |
|
1 | |
| Set Attribute | 11980343D2CA4DEF | class_name = tooltips_class32, index = 18446744073709551595, new_long = 295222415 |
|
1 |
Keyboard (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 |
System (365)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = LHNIWSJ, type = ComputerNameNetBIOS |
|
1 | |
| Sleep | duration = 3500 milliseconds (3.500 seconds) |
|
3 | |
| Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Sleep | duration = 60 milliseconds (0.060 seconds) |
|
1 | |
| Sleep | duration = 328 milliseconds (0.328 seconds) |
|
1 | |
| Sleep | duration = 4000 milliseconds (4.000 seconds) |
|
1 | |
| Sleep | duration = 250 milliseconds (0.250 seconds) |
|
1 | |
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
1 | |
| Sleep | duration = 800 milliseconds (0.800 seconds) |
|
1 | |
| Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Sleep | duration = 2000 milliseconds (2.000 seconds) |
|
9 | |
| Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
1 | |
| Sleep | duration = 150 milliseconds (0.150 seconds) |
|
5 | |
| Sleep | duration = 20 milliseconds (0.020 seconds) |
|
2 | |
| Sleep | duration = 2200 milliseconds (2.200 seconds) |
|
1 | |
| Sleep | duration = 3500 milliseconds (3.500 seconds) |
|
1 | |
| Get Time | type = Ticks, time = 193578 |
|
3 | |
| Get Time | type = System Time, time = 2019-01-08 09:26:46 (UTC) |
|
2 | |
| Get Time | type = Ticks, time = 193796 |
|
1 | |
| Get Time | type = Ticks, time = 193812 |
|
1 | |
| Get Time | type = Ticks, time = 194171 |
|
1 | |
| Get Time | type = Ticks, time = 194531 |
|
2 | |
| Get Time | type = Ticks, time = 194546 |
|
3 | |
| Get Time | type = Ticks, time = 194578 |
|
7 | |
| Get Time | type = Ticks, time = 194609 |
|
2 | |
| Get Time | type = Ticks, time = 195906 |
|
3 | |
| Get Time | type = Ticks, time = 198171 |
|
3 | |
| Get Time | type = Ticks, time = 198187 |
|
3 | |
| Get Time | type = Ticks, time = 200953 |
|
2 | |
| Get Time | type = Ticks, time = 201218 |
|
3 | |
| Get Time | type = Ticks, time = 210953 |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Wow64 Directory, result_out = C:\Windows\SysWOW64 |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
290 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Set Environment String | name = __restart |
|
1 |
Debug (9)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\windows\syswow64\explorer.exe | - |
|
2 | |
| Hide | c:\windows\syswow64\explorer.exe | - |
|
1 | |
| Hide | c:\windows\syswow64\explorer.exe | - |
|
1 | |
| Hide | c:\windows\syswow64\explorer.exe | - |
|
1 | |
| Hide | c:\windows\syswow64\explorer.exe | - |
|
1 | |
| Hide | c:\windows\syswow64\explorer.exe | - |
|
1 | |
| Hide | c:\windows\syswow64\explorer.exe | - |
|
1 | |
| Hide | c:\windows\syswow64\explorer.exe | - |
|
1 |
Network Behavior
DNS (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = google.com |
|
1 |
Process #4: uni.exe
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\program files\windows portable devices\uni.exe |
| Command Line | "C:\Program Files\Windows Portable Devices\uni.exe" |
| Initial Working Directory | C:\Program Files\Windows Portable Devices\ |
| Monitor | Start Time: 00:02:21, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:45 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaf0 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AD0
0x
B18
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000520000 | 0x00520000 | 0x0052ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000530000 | 0x00530000 | 0x00533fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x00563fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x005affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005b0000 | 0x005b0000 | 0x006affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x006b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x006e0000 | 0x0079dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x007f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000810000 | 0x00810000 | 0x0081ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000920000 | 0x00920000 | 0x009d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000a00000 | 0x00a00000 | 0x00afffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000b00000 | 0x00b00000 | 0x00c87fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000c90000 | 0x00c90000 | 0x00e10fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e70000 | 0x00e70000 | 0x00f6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fcffff | Private Memory | rw |
|
|
|
- |
| uni.exe | 0x01040000 | 0x01056fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001060000 | 0x01060000 | 0x0245ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002460000 | 0x02460000 | 0x02623fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f310000 | 0x7f310000 | 0x7f40ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f410000 | 0x7f410000 | 0x7f432fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f435000 | 0x7f435000 | 0x7f437fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f43b000 | 0x7f43b000 | 0x7f43dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f43e000 | 0x7f43e000 | 0x7f43efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f43f000 | 0x7f43f000 | 0x7f43ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2460000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x26220c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #5: ten.exe
0
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\program files\internet explorer\ten.exe |
| Command Line | "C:\Program Files\Internet Explorer\ten.exe" |
| Initial Working Directory | C:\Program Files\Internet Explorer\ |
| Monitor | Start Time: 00:02:21, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:45 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5cc |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A74
0x
8C4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000050000 | 0x00050000 | 0x0005ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x00063fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000080000 | 0x00080000 | 0x00093fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x000dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x001dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x00201fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00210000 | 0x002cdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x0055ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000560000 | 0x00560000 | 0x006e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006f0000 | 0x006f0000 | 0x007a7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000007b0000 | 0x007b0000 | 0x007bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000007c0000 | 0x007c0000 | 0x007fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000830000 | 0x00830000 | 0x0083ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000840000 | 0x00840000 | 0x009c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| ten.exe | 0x00a60000 | 0x00a76fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000a80000 | 0x00a80000 | 0x01e7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001e80000 | 0x01e80000 | 0x01f7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001f80000 | 0x01f80000 | 0x02143fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007e2d0000 | 0x7e2d0000 | 0x7e3cffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007e3d0000 | 0x7e3d0000 | 0x7e3f2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007e3f3000 | 0x7e3f3000 | 0x7e3f3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e3f6000 | 0x7e3f6000 | 0x7e3f8fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e3fc000 | 0x7e3fc000 | 0x7e3fefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e3ff000 | 0x7e3ff000 | 0x7e3fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x1f80000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x21420c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #6: gp-blank.exe
0
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\program files (x86)\windows multimedia platform\gp-blank.exe |
| Command Line | "C:\Program Files (x86)\Windows Multimedia Platform\gp-blank.exe" |
| Initial Working Directory | C:\Program Files (x86)\Windows Multimedia Platform\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x968 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A58
0x
734
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000d40000 | 0x00d40000 | 0x00d4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d53fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d70000 | 0x00d70000 | 0x00d83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000d90000 | 0x00d90000 | 0x00dcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00ecffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ed0000 | 0x00ed0000 | 0x00ed3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00f00000 | 0x00fbdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001010000 | 0x01010000 | 0x01013fff | Pagefile Backed Memory | r |
|
|
|
- |
| gp-blank.exe | 0x01050000 | 0x01066fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000001070000 | 0x01070000 | 0x010affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001120000 | 0x01120000 | 0x0121ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001250000 | 0x01250000 | 0x0125ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001360000 | 0x01360000 | 0x014e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000014f0000 | 0x014f0000 | 0x015a7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001600000 | 0x01600000 | 0x0160ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001610000 | 0x01610000 | 0x01790fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000017a0000 | 0x017a0000 | 0x02b9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002ba0000 | 0x02ba0000 | 0x02c9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d40000 | 0x02d40000 | 0x02d4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002d50000 | 0x02d50000 | 0x02f13fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ea5d000 | 0x7ea5d000 | 0x7ea5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007ea60000 | 0x7ea60000 | 0x7eb5ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007eb60000 | 0x7eb60000 | 0x7eb82fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007eb84000 | 0x7eb84000 | 0x7eb84fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007eb8a000 | 0x7eb8a000 | 0x7eb8afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007eb8d000 | 0x7eb8d000 | 0x7eb8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2d50000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2f120c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #7: engagement cologne.exe
0
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\program files (x86)\common files\engagement cologne.exe |
| Command Line | "C:\Program Files (x86)\Common Files\engagement cologne.exe" |
| Initial Working Directory | C:\Program Files (x86)\Common Files\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8d8 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
4FC
0x
8D0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000770000 | 0x00770000 | 0x0077ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000780000 | 0x00780000 | 0x00783fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000007a0000 | 0x007a0000 | 0x007b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000007c0000 | 0x007c0000 | 0x007fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000800000 | 0x00800000 | 0x008fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000900000 | 0x00900000 | 0x00903fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000910000 | 0x00910000 | 0x00910fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000920000 | 0x00920000 | 0x00921fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | rw |
|
|
|
- |
| engagement cologne.exe | 0x00940000 | 0x00956fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x00000000009a0000 | 0x009a0000 | 0x009a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000009c0000 | 0x009c0000 | 0x009cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000009e0000 | 0x009e0000 | 0x009effff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x009f0000 | 0x00aadfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000ab0000 | 0x00ab0000 | 0x00b67fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000b70000 | 0x00b70000 | 0x00c6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d70000 | 0x00d70000 | 0x00ef7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000fd0000 | 0x00fd0000 | 0x01150fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001160000 | 0x01160000 | 0x0255ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002560000 | 0x02560000 | 0x0265ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002660000 | 0x02660000 | 0x02823fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007f23d000 | 0x7f23d000 | 0x7f23ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007f240000 | 0x7f240000 | 0x7f33ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f340000 | 0x7f340000 | 0x7f362fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f364000 | 0x7f364000 | 0x7f364fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f367000 | 0x7f367000 | 0x7f367fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f36d000 | 0x7f36d000 | 0x7f36ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2660000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x28220c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #8: cambridge.exe
0
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\program files (x86)\internet explorer\cambridge.exe |
| Command Line | "C:\Program Files (x86)\Internet Explorer\cambridge.exe" |
| Initial Working Directory | C:\Program Files (x86)\Internet Explorer\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x714 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
7DC
0x
8E4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000880000 | 0x00880000 | 0x0088ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000890000 | 0x00890000 | 0x00893fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000008b0000 | 0x008b0000 | 0x008c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| cambridge.exe | 0x008d0000 | 0x008e6fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000008f0000 | 0x008f0000 | 0x0092ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000930000 | 0x00930000 | 0x00a2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000a30000 | 0x00a30000 | 0x00a33fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a51fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00a60000 | 0x00b1dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000b30000 | 0x00b30000 | 0x00b33fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00dcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000dd0000 | 0x00dd0000 | 0x00f57fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000f60000 | 0x00f60000 | 0x01017fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001020000 | 0x01020000 | 0x0105ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001060000 | 0x01060000 | 0x0106ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001070000 | 0x01070000 | 0x011f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001200000 | 0x01200000 | 0x025fffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x026fffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000027f0000 | 0x027f0000 | 0x027fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002800000 | 0x02800000 | 0x029c3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f0c0000 | 0x7f0c0000 | 0x7f1bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f1c0000 | 0x7f1c0000 | 0x7f1e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f1e4000 | 0x7f1e4000 | 0x7f1e6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f1ea000 | 0x7f1ea000 | 0x7f1eafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f1ec000 | 0x7f1ec000 | 0x7f1eefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f1ef000 | 0x7f1ef000 | 0x7f1effff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2800000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x29c20c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #9: amateur-dishes.exe
0
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\program files\msbuild\amateur-dishes.exe |
| Command Line | "C:\Program Files\MSBuild\amateur-dishes.exe" |
| Initial Working Directory | C:\Program Files\MSBuild\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1a8 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
5C0
0x
1B8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| amateur-dishes.exe | 0x00250000 | 0x00266fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000f30000 | 0x00f30000 | 0x00f3ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f43fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000f60000 | 0x00f60000 | 0x00f73fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000f80000 | 0x00f80000 | 0x00fbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x010bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000010c0000 | 0x010c0000 | 0x010c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x010f0000 | 0x011adfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000011b0000 | 0x011b0000 | 0x011bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001210000 | 0x01210000 | 0x01213fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001220000 | 0x01220000 | 0x0125ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001260000 | 0x01260000 | 0x0126ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000012c0000 | 0x012c0000 | 0x013bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000014c0000 | 0x014c0000 | 0x01647fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001650000 | 0x01650000 | 0x017d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000017e0000 | 0x017e0000 | 0x02bdffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002be0000 | 0x02be0000 | 0x02c97fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002ca0000 | 0x02ca0000 | 0x02d9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002dd0000 | 0x02dd0000 | 0x02ddffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002de0000 | 0x02de0000 | 0x02fa3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007e5a0000 | 0x7e5a0000 | 0x7e69ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007e6a0000 | 0x7e6a0000 | 0x7e6c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007e6c4000 | 0x7e6c4000 | 0x7e6c4fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e6c6000 | 0x7e6c6000 | 0x7e6c8fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e6c9000 | 0x7e6c9000 | 0x7e6c9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e6cd000 | 0x7e6cd000 | 0x7e6cffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2de0000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2fa20c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #10: science old.exe
0
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\program files (x86)\reference assemblies\science old.exe |
| Command Line | "C:\Program Files (x86)\Reference Assemblies\science old.exe" |
| Initial Working Directory | C:\Program Files (x86)\Reference Assemblies\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2b8 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
BF4
0x
408
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| science old.exe | 0x00230000 | 0x00246fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000e00000 | 0x00e00000 | 0x00e0ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e13fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e30000 | 0x00e30000 | 0x00e43fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e90000 | 0x00e90000 | 0x00f8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000f90000 | 0x00f90000 | 0x00f93fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000fd0000 | 0x00fd0000 | 0x00fd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x010dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001120000 | 0x01120000 | 0x0115ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001180000 | 0x01180000 | 0x0118ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x01190000 | 0x0124dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000001350000 | 0x01350000 | 0x014d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001580000 | 0x01580000 | 0x0158ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001590000 | 0x01590000 | 0x01710fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001720000 | 0x01720000 | 0x02b1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002b20000 | 0x02b20000 | 0x02bd7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002cb0000 | 0x02cb0000 | 0x02cbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002cc0000 | 0x02cc0000 | 0x02dbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002dc0000 | 0x02dc0000 | 0x02f83fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f650000 | 0x7f650000 | 0x7f74ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f750000 | 0x7f750000 | 0x7f772fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f774000 | 0x7f774000 | 0x7f774fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f776000 | 0x7f776000 | 0x7f778fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f77c000 | 0x7f77c000 | 0x7f77efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f77f000 | 0x7f77f000 | 0x7f77ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2dc0000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2f820c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #11: handling investing experimental.exe
0
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\program files (x86)\windowspowershell\handling investing experimental.exe |
| Command Line | "C:\Program Files (x86)\WindowsPowerShell\handling investing experimental.exe" |
| Initial Working Directory | C:\Program Files (x86)\WindowsPowerShell\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x608 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
16C
0x
784
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000120000 | 0x00120000 | 0x0012ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x00133fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x00140fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00163fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x002b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x002e0000 | 0x0039dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x003affff | Private Memory | rw |
|
|
|
- |
| handling investing experimental.exe | 0x003f0000 | 0x00406fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000520000 | 0x00520000 | 0x00523fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000530000 | 0x00530000 | 0x0056ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005a0000 | 0x005a0000 | 0x005affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005b0000 | 0x005b0000 | 0x006affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x00837fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000840000 | 0x00840000 | 0x009c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009d0000 | 0x009d0000 | 0x01dcffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001dd0000 | 0x01dd0000 | 0x01e87fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001f50000 | 0x01f50000 | 0x01f5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f60000 | 0x01f60000 | 0x0205ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002060000 | 0x02060000 | 0x02223fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f880000 | 0x7f880000 | 0x7f97ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f980000 | 0x7f980000 | 0x7f9a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f9a3000 | 0x7f9a3000 | 0x7f9a3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f9a5000 | 0x7f9a5000 | 0x7f9a7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f9a8000 | 0x7f9a8000 | 0x7f9a8fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f9ad000 | 0x7f9ad000 | 0x7f9affff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2060000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x22220c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #12: pdf_incoming_tracked.exe
0
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\program files (x86)\internet explorer\pdf_incoming_tracked.exe |
| Command Line | "C:\Program Files (x86)\Internet Explorer\pdf_incoming_tracked.exe" |
| Initial Working Directory | C:\Program Files (x86)\Internet Explorer\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x134 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
98C
0x
420
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000c60000 | 0x00c60000 | 0x00c6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c73fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c90000 | 0x00c90000 | 0x00ca3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00ceffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00deffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000df0000 | 0x00df0000 | 0x00df3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e11fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e30000 | 0x00e30000 | 0x00e33fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e4ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00e50000 | 0x00f0dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x010bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000011c0000 | 0x011c0000 | 0x01347fff | Pagefile Backed Memory | r |
|
|
|
- |
| pdf_incoming_tracked.exe | 0x013e0000 | 0x013f6fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001400000 | 0x01400000 | 0x01580fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000015b0000 | 0x015b0000 | 0x015bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000015c0000 | 0x015c0000 | 0x029bffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002a50000 | 0x02a50000 | 0x02a5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002a60000 | 0x02a60000 | 0x02b17fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002b20000 | 0x02b20000 | 0x02c1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002c20000 | 0x02c20000 | 0x02de3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007e790000 | 0x7e790000 | 0x7e88ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007e890000 | 0x7e890000 | 0x7e8b2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007e8b4000 | 0x7e8b4000 | 0x7e8b6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e8ba000 | 0x7e8ba000 | 0x7e8bafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e8bc000 | 0x7e8bc000 | 0x7e8bcfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e8bd000 | 0x7e8bd000 | 0x7e8bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2c20000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2de20c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #13: rangestremendous.exe
0
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\program files (x86)\common files\rangestremendous.exe |
| Command Line | "C:\Program Files (x86)\Common Files\rangestremendous.exe" |
| Initial Working Directory | C:\Program Files (x86)\Common Files\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x720 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
8E0
0x
654
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| rangestremendous.exe | 0x00e80000 | 0x00e96fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000f40000 | 0x00f40000 | 0x00f4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f53fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000f70000 | 0x00f70000 | 0x00f83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000f90000 | 0x00f90000 | 0x00fcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x010cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000010d0000 | 0x010d0000 | 0x010d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001140000 | 0x01140000 | 0x0114ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x01150000 | 0x0120dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001220000 | 0x01220000 | 0x01223fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001230000 | 0x01230000 | 0x0123ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001240000 | 0x01240000 | 0x0127ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001280000 | 0x01280000 | 0x0137ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001480000 | 0x01480000 | 0x01607fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001610000 | 0x01610000 | 0x01790fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000017a0000 | 0x017a0000 | 0x02b9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002ba0000 | 0x02ba0000 | 0x02c57fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002c70000 | 0x02c70000 | 0x02c7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c80000 | 0x02c80000 | 0x02d7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002d80000 | 0x02d80000 | 0x02f43fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007eb60000 | 0x7eb60000 | 0x7ec5ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ec60000 | 0x7ec60000 | 0x7ec82fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ec84000 | 0x7ec84000 | 0x7ec86fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ec87000 | 0x7ec87000 | 0x7ec87fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ec8c000 | 0x7ec8c000 | 0x7ec8efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ec8f000 | 0x7ec8f000 | 0x7ec8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2d80000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2f420c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #14: uncertainty_furnishings_tramadol.exe
0
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\program files (x86)\common files\uncertainty_furnishings_tramadol.exe |
| Command Line | "C:\Program Files (x86)\Common Files\uncertainty_furnishings_tramadol.exe" |
| Initial Working Directory | C:\Program Files (x86)\Common Files\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x644 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
ACC
0x
718
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000630000 | 0x00630000 | 0x0063ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000640000 | 0x00640000 | 0x00643fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000660000 | 0x00660000 | 0x00673fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000680000 | 0x00680000 | 0x006bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006c0000 | 0x006c0000 | 0x007bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000007c0000 | 0x007c0000 | 0x007c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000007f0000 | 0x007f0000 | 0x008effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000900000 | 0x00900000 | 0x00903fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000920000 | 0x00920000 | 0x0092ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00930000 | 0x009edfff | Memory Mapped File | r |
|
|
|
- |
| uncertainty_furnishings_tramadol.exe | 0x00a60000 | 0x00a76fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000b80000 | 0x00b80000 | 0x00d07fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000d10000 | 0x00d10000 | 0x00dc7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000de0000 | 0x00de0000 | 0x00deffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000df0000 | 0x00df0000 | 0x00f70fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000f80000 | 0x00f80000 | 0x0237ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002380000 | 0x02380000 | 0x023bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002470000 | 0x02470000 | 0x0247ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002480000 | 0x02480000 | 0x0257ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002580000 | 0x02580000 | 0x02743fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007ed30000 | 0x7ed30000 | 0x7ee2ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ee30000 | 0x7ee30000 | 0x7ee52fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ee53000 | 0x7ee53000 | 0x7ee53fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ee56000 | 0x7ee56000 | 0x7ee58fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ee5c000 | 0x7ee5c000 | 0x7ee5efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ee5f000 | 0x7ee5f000 | 0x7ee5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2580000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x27420c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #15: batteries_dirty.exe
0
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\program files\windows sidebar\batteries_dirty.exe |
| Command Line | "C:\Program Files\Windows Sidebar\batteries_dirty.exe" |
| Initial Working Directory | C:\Program Files\Windows Sidebar\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbd4 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
474
0x
AE0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001dffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e3fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000200000 | 0x00200000 | 0x00213fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x0025ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000360000 | 0x00360000 | 0x00363fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000370000 | 0x00370000 | 0x00370fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000380000 | 0x00380000 | 0x00381fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00390000 | 0x0044dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000004a0000 | 0x004a0000 | 0x004a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000004b0000 | 0x004b0000 | 0x004effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004f0000 | 0x004f0000 | 0x004fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x0057ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000730000 | 0x00730000 | 0x0082ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000830000 | 0x00830000 | 0x009b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009c0000 | 0x009c0000 | 0x00b40fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000b50000 | 0x00b50000 | 0x00c07fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c1ffff | Private Memory | rw |
|
|
|
- |
| batteries_dirty.exe | 0x00c60000 | 0x00c76fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000c80000 | 0x00c80000 | 0x0207ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002080000 | 0x02080000 | 0x0217ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002180000 | 0x02180000 | 0x02343fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007e69d000 | 0x7e69d000 | 0x7e69ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007e6a0000 | 0x7e6a0000 | 0x7e79ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007e7a0000 | 0x7e7a0000 | 0x7e7c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007e7c5000 | 0x7e7c5000 | 0x7e7c5fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e7cb000 | 0x7e7cb000 | 0x7e7cdfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e7ce000 | 0x7e7ce000 | 0x7e7cefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2180000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x23420c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #16: disorder.exe
0
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\program files\windows portable devices\disorder.exe |
| Command Line | "C:\Program Files\Windows Portable Devices\disorder.exe" |
| Initial Working Directory | C:\Program Files\Windows Portable Devices\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8e8 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AE8
0x
AC8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| disorder.exe | 0x001b0000 | 0x001c6fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000520000 | 0x00520000 | 0x0052ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000530000 | 0x00530000 | 0x00533fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x00563fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x005affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005b0000 | 0x005b0000 | 0x006affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x006b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x006e0000 | 0x0079dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x007f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000800000 | 0x00800000 | 0x0083ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000860000 | 0x00860000 | 0x0086ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000870000 | 0x00870000 | 0x0087ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000009d0000 | 0x009d0000 | 0x00acffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ad0000 | 0x00ad0000 | 0x00c57fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000c60000 | 0x00c60000 | 0x00de0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e20000 | 0x00e20000 | 0x0221ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002220000 | 0x02220000 | 0x022d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000022e0000 | 0x022e0000 | 0x023dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000023e0000 | 0x023e0000 | 0x025a3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007f60d000 | 0x7f60d000 | 0x7f60ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007f610000 | 0x7f610000 | 0x7f70ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f710000 | 0x7f710000 | 0x7f732fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f738000 | 0x7f738000 | 0x7f738fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f73b000 | 0x7f73b000 | 0x7f73bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f73d000 | 0x7f73d000 | 0x7f73ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x23e0000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x25a20c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #17: solo.exe
0
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\program files (x86)\mozilla maintenance service\solo.exe |
| Command Line | "C:\Program Files (x86)\Mozilla Maintenance Service\solo.exe" |
| Initial Working Directory | C:\Program Files (x86)\Mozilla Maintenance Service\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x708 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
83C
0x
B44
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00033fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000040000 | 0x00040000 | 0x00040fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00063fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00073fff | Pagefile Backed Memory | r |
|
|
|
- |
| solo.exe | 0x00080000 | 0x00096fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x000dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x001dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00200000 | 0x002bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000310000 | 0x00310000 | 0x00313fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000320000 | 0x00320000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x003affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x00487fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000004b0000 | 0x004b0000 | 0x005affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x00837fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000840000 | 0x00840000 | 0x009c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000009f0000 | 0x009f0000 | 0x009fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000a00000 | 0x00a00000 | 0x01dfffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001e00000 | 0x01e00000 | 0x01efffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001f00000 | 0x01f00000 | 0x020c3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007f51d000 | 0x7f51d000 | 0x7f51ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007f520000 | 0x7f520000 | 0x7f61ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f620000 | 0x7f620000 | 0x7f642fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f647000 | 0x7f647000 | 0x7f647fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f64a000 | 0x7f64a000 | 0x7f64afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f64d000 | 0x7f64d000 | 0x7f64ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x1f00000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x20c20c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #18: likes skiing.exe
0
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\program files\java\likes skiing.exe |
| Command Line | "C:\Program Files\Java\likes skiing.exe" |
| Initial Working Directory | C:\Program Files\Java\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb54 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
768
0x
6B4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x00000000007a0000 | 0x007a0000 | 0x007affff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b3fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000007d0000 | 0x007d0000 | 0x007e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000007f0000 | 0x007f0000 | 0x0082ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000830000 | 0x00830000 | 0x0092ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000930000 | 0x00930000 | 0x00933fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000940000 | 0x00940000 | 0x00940fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000950000 | 0x00950000 | 0x00951fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00960000 | 0x00a1dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000a70000 | 0x00a70000 | 0x00a73fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00adffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b80000 | 0x00b80000 | 0x00c7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d80000 | 0x00d80000 | 0x00f07fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000f10000 | 0x00f10000 | 0x01090fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000010a0000 | 0x010a0000 | 0x01157fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000011f0000 | 0x011f0000 | 0x011fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001200000 | 0x01200000 | 0x012fffff | Private Memory | rw |
|
|
|
- |
| likes skiing.exe | 0x013a0000 | 0x013b6fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x00000000013c0000 | 0x013c0000 | 0x027bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000027c0000 | 0x027c0000 | 0x02983fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f430000 | 0x7f430000 | 0x7f52ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f530000 | 0x7f530000 | 0x7f552fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f554000 | 0x7f554000 | 0x7f554fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f556000 | 0x7f556000 | 0x7f558fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f55c000 | 0x7f55c000 | 0x7f55efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f55f000 | 0x7f55f000 | 0x7f55ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x27c0000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x29820c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #19: touringcontinuedrussia.exe
0
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\program files\windows sidebar\touringcontinuedrussia.exe |
| Command Line | "C:\Program Files\Windows Sidebar\touringcontinuedrussia.exe" |
| Initial Working Directory | C:\Program Files\Windows Sidebar\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb58 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
7A4
0x
834
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000f40000 | 0x00f40000 | 0x00f4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f53fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000f70000 | 0x00f70000 | 0x00f83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000f90000 | 0x00f90000 | 0x00fcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x010cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000010d0000 | 0x010d0000 | 0x010d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x01100000 | 0x011bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000011d0000 | 0x011d0000 | 0x011d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000011e0000 | 0x011e0000 | 0x011effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001230000 | 0x01230000 | 0x0126ffff | Private Memory | rw |
|
|
|
- |
| touringcontinuedrussia.exe | 0x012b0000 | 0x012c6fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000001380000 | 0x01380000 | 0x0147ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001580000 | 0x01580000 | 0x01707fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001710000 | 0x01710000 | 0x01890fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000018e0000 | 0x018e0000 | 0x018effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000018f0000 | 0x018f0000 | 0x02ceffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002cf0000 | 0x02cf0000 | 0x02da7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002db0000 | 0x02db0000 | 0x02eaffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002eb0000 | 0x02eb0000 | 0x02ebffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002ec0000 | 0x02ec0000 | 0x03083fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007ec70000 | 0x7ec70000 | 0x7ed6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ed70000 | 0x7ed70000 | 0x7ed92fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ed93000 | 0x7ed93000 | 0x7ed95fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ed99000 | 0x7ed99000 | 0x7ed9bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ed9c000 | 0x7ed9c000 | 0x7ed9cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ed9f000 | 0x7ed9f000 | 0x7ed9ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2ec0000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x30820c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #20: matching.exe
0
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\program files\common files\matching.exe |
| Command Line | "C:\Program Files\Common Files\matching.exe" |
| Initial Working Directory | C:\Program Files\Common Files\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb84 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
78C
0x
91C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| matching.exe | 0x00850000 | 0x00866fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000c60000 | 0x00c60000 | 0x00c6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c73fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c90000 | 0x00c90000 | 0x00ca3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00ceffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00deffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000df0000 | 0x00df0000 | 0x00df3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e11fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00e20000 | 0x00eddfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00eeffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000f40000 | 0x00f40000 | 0x00f43fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000f70000 | 0x00f70000 | 0x0106ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001170000 | 0x01170000 | 0x012f7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001300000 | 0x01300000 | 0x0133ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001340000 | 0x01340000 | 0x0134ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001380000 | 0x01380000 | 0x0138ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001390000 | 0x01390000 | 0x01510fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001520000 | 0x01520000 | 0x0291ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002920000 | 0x02920000 | 0x029d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000029e0000 | 0x029e0000 | 0x02adffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002ae0000 | 0x02ae0000 | 0x02ca3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ecad000 | 0x7ecad000 | 0x7ecaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007ecb0000 | 0x7ecb0000 | 0x7edaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007edb0000 | 0x7edb0000 | 0x7edd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007edd8000 | 0x7edd8000 | 0x7edd8fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007eddb000 | 0x7eddb000 | 0x7eddbfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007eddd000 | 0x7eddd000 | 0x7eddffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2ae0000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2ca20c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #21: readingsunto.exe
0
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\program files\uninstall information\readingsunto.exe |
| Command Line | "C:\Program Files\Uninstall Information\readingsunto.exe" |
| Initial Working Directory | C:\Program Files\Uninstall Information\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa1c |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
5C8
0x
8C8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| readingsunto.exe | 0x00360000 | 0x00376fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000840000 | 0x00840000 | 0x0084ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000850000 | 0x00850000 | 0x00853fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000870000 | 0x00870000 | 0x00883fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000890000 | 0x00890000 | 0x008cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000008d0000 | 0x008d0000 | 0x009cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000009d0000 | 0x009d0000 | 0x009d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000a50000 | 0x00a50000 | 0x00b4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b5ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00b60000 | 0x00c1dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000d20000 | 0x00d20000 | 0x00ea7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000eb0000 | 0x00eb0000 | 0x00eb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00efffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000f60000 | 0x00f60000 | 0x010e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000010f0000 | 0x010f0000 | 0x024effff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000024f0000 | 0x024f0000 | 0x025a7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000025b0000 | 0x025b0000 | 0x026affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000026d0000 | 0x026d0000 | 0x026dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000026e0000 | 0x026e0000 | 0x028a3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ed9d000 | 0x7ed9d000 | 0x7ed9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007eda0000 | 0x7eda0000 | 0x7ee9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007eea0000 | 0x7eea0000 | 0x7eec2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007eec5000 | 0x7eec5000 | 0x7eec5fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007eec7000 | 0x7eec7000 | 0x7eec7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007eecd000 | 0x7eecd000 | 0x7eecffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x26e0000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x28a20c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
Process #22: colininstallations.exe
0
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\program files (x86)\microsoft.net\colininstallations.exe |
| Command Line | "C:\Program Files (x86)\Microsoft.NET\colininstallations.exe" |
| Initial Working Directory | C:\Program Files (x86)\Microsoft.NET\ |
| Monitor | Start Time: 00:02:22, Reason: Injection |
| Unmonitor | End Time: 00:03:06, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| Remark | No high level activity detected in monitored regions |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa6c |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AB0
0x
380
0x
988
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000830000 | 0x00830000 | 0x0083ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000840000 | 0x00840000 | 0x00843fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000860000 | 0x00860000 | 0x00873fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000880000 | 0x00880000 | 0x008bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000008c0000 | 0x008c0000 | 0x009bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000009c0000 | 0x009c0000 | 0x009c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x009f0000 | 0x00aadfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c10000 | 0x00c10000 | 0x00c13fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000c20000 | 0x00c20000 | 0x00c24fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c33fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000c90000 | 0x00c90000 | 0x00d8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d90000 | 0x00d90000 | 0x00f17fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000f20000 | 0x00f20000 | 0x00fd7fff | Pagefile Backed Memory | r |
|
|
|
- |
| colininstallations.exe | 0x00fe0000 | 0x00ff6fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001000000 | 0x01000000 | 0x01180fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000011f0000 | 0x011f0000 | 0x011fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001200000 | 0x01200000 | 0x025fffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x026fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002700000 | 0x02700000 | 0x028c3fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007ee40000 | 0x7ee40000 | 0x7ef3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ef40000 | 0x7ef40000 | 0x7ef62fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ef64000 | 0x7ef64000 | 0x7ef64fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef65000 | 0x7ef65000 | 0x7ef65fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef67000 | 0x7ef67000 | 0x7ef69fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef6d000 | 0x7ef6d000 | 0x7ef6ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x2700000, size = 1851392 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x28c20c7, size = 58 |
|
1 | |
| Modify Memory | #3: c:\windows\syswow64\explorer.exe | 0x9e4 | address = 0x77cdc700, size = 6 |
|
1 |
