c71c3662a7ebba5fdd0d804fe9ff864789fa08e8286352c21b339b9db2c3db81 (SHA256)
p.exe
Windows Exe (x86-32)
Created at 2018-09-11 15:34:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: p.exe
2390
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\nd9e1fyi\desktop\p.exe |
| Command Line | "C:\Users\Nd9E1FYi\Desktop\p.exe" |
| Initial Working Directory | C:\Users\Nd9E1FYi\Desktop\ |
| Monitor | Start Time: 00:00:20, Reason: Analysis Target |
| Unmonitor | End Time: 00:00:43, Reason: Self Terminated |
| Monitor Duration | 00:00:23 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xad4 |
| Parent PID | 0x7d4 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | X2VS1CUM\Nd9E1FYi |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C58
0x
844
0x
CA8
0x
DFC
0x
DF0
0x
A64
0x
F98
0x
FE0
0x
C14
0x
E98
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00054fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| p.exe | 0x00400000 | 0x00415fff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000420000 | 0x00420000 | 0x0045ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x00471fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000480000 | 0x00480000 | 0x00480fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000490000 | 0x00490000 | 0x00490fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b3fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004c0000 | 0x004c0000 | 0x004cffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x004d0000 | 0x0058dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000590000 | 0x00590000 | 0x0060ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000610000 | 0x00610000 | 0x00611fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000620000 | 0x00620000 | 0x0062ffff | Private Memory | rw |
|
|
|
- |
| windowsshell.manifest | 0x00630000 | 0x00630fff | Memory Mapped File | r |
|
|
|
- |
| counters.dat | 0x00630000 | 0x00630fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000640000 | 0x00640000 | 0x0073ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000740000 | 0x00740000 | 0x0083ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000840000 | 0x00840000 | 0x0093ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000940000 | 0x00940000 | 0x00ac7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ad0000 | 0x00ad0000 | 0x00c50fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000c60000 | 0x00c60000 | 0x0205ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002060000 | 0x02060000 | 0x020fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002060000 | 0x02060000 | 0x02061fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002070000 | 0x02070000 | 0x020affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000020b0000 | 0x020b0000 | 0x020effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000020f0000 | 0x020f0000 | 0x020fffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02100000 | 0x02436fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002440000 | 0x02440000 | 0x02540fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002440000 | 0x02440000 | 0x0253ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002540000 | 0x02540000 | 0x0263ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x0267ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002680000 | 0x02680000 | 0x0277ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002780000 | 0x02780000 | 0x027bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000027c0000 | 0x027c0000 | 0x028bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000028c0000 | 0x028c0000 | 0x028fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002900000 | 0x02900000 | 0x029fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a00000 | 0x02a00000 | 0x02a3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a40000 | 0x02a40000 | 0x02b3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002b40000 | 0x02b40000 | 0x02b4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002b50000 | 0x02b50000 | 0x02b8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b90000 | 0x02b90000 | 0x02c8ffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x6e310000 | 0x6e317fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x6e320000 | 0x6e36ffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x6e370000 | 0x6e3e9fff | Memory Mapped File | rwx |
|
|
|
- |
| samlib.dll | 0x6f2d0000 | 0x6f2e2fff | Memory Mapped File | rwx |
|
|
|
- |
| mlang.dll | 0x6f2f0000 | 0x6f322fff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x6f330000 | 0x6f339fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x6f340000 | 0x6f54efff | Memory Mapped File | rwx |
|
|
|
- |
| ieframe.dll | 0x6f550000 | 0x700e8fff | Memory Mapped File | rwx |
|
|
|
- |
| pstorec.dll | 0x700f0000 | 0x700f7fff | Memory Mapped File | rwx |
|
|
|
- |
| msi.dll | 0x70100000 | 0x70488fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x70490000 | 0x704a4fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x704b0000 | 0x704b9fff | Memory Mapped File | rwx |
|
|
|
- |
| wsock32.dll | 0x704c0000 | 0x704c7fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x70b60000 | 0x70b78fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x70bf0000 | 0x70c64fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x70d50000 | 0x70f5cfff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x726a0000 | 0x7296afff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x72ad0000 | 0x72c1afff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x747e0000 | 0x747fafff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74a90000 | 0x74b21fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74b30000 | 0x74b39fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74b40000 | 0x74b5dfff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x74b60000 | 0x75058fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75070000 | 0x750eafff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x75210000 | 0x752a1fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75310000 | 0x7548dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x754f0000 | 0x754fbfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75500000 | 0x7552afff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75540000 | 0x75584fff | Memory Mapped File | rwx |
|
|
|
- |
| netapi32.dll | 0x756b0000 | 0x756c2fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x756d0000 | 0x756ddfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x756f0000 | 0x76aeefff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c60000 | 0x76ca3fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x76d10000 | 0x76dfafff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x76e00000 | 0x76f77fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76f80000 | 0x7702cfff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x77030000 | 0x7703efff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77040000 | 0x7718efff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77230000 | 0x773ecfff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x773f0000 | 0x77426fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x77840000 | 0x778c3fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x77930000 | 0x7798efff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x779e0000 | 0x77a6cfff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x77a70000 | 0x77ac7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77ad0000 | 0x77baffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77bb0000 | 0x77cf6fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x77d00000 | 0x77d43fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x77d50000 | 0x77e0dfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77e10000 | 0x77f8afff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff91873ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff918740000 | 0x7ff918900fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff918901000 | 0x7ff918901000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
COM (1)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | 3C374A40-BAE4-11CF-BF7D-00AA006946EE | 3C374A41-BAE4-11CF-BF7D-00AA006946EE | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER |
|
1 |
File (106)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\Nd9E1FYi\AppData\Local\Temp\HWID | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Program Files (x86)\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\ExpanDrive\drives.js | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\ExpanDrive\drives.js | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\ExpanDrive\drives.js | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\CoffeeCup Software\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\CoffeeCup Software\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CoffeeCup Software\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CoffeeCup Software\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\CoffeeCup Software\SharedSettings.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\CoffeeCup Software\SharedSettings.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.ccs | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.sqlite | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Windows\32BitFtp.ini | desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Web Data | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Login Data | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Read | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Web Data | size = 4096, size_out = 4096 |
|
16 | |
| Read | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Web Data | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 4096, size_out = 2048 |
|
1 | |
| Read | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal | size = 4096, size_out = 0 |
|
1 |
Registry (949)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D82C954-2957-418B-908F-FE78BF3A8BEB} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824214663} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824214663} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far Manager\Plugins\FTP\Hosts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far\SavedDialogHistory\FTPHost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far2\SavedDialogHistory\FTPHost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Far Manager\SavedDialogHistory\FTPHost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghisler\Windows Commander | - |
|
21 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander | - |
|
21 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghisler\Total Commander | - |
|
21 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander | - |
|
21 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\FlashFXP\3 | - |
|
9 | |
| Open Key | HKEY_CURRENT_USER\Software\FlashFXP | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\FlashFXP\4 | - |
|
12 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP\3 | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP\4 | - |
|
12 | |
| Open Key | HKEY_CURRENT_USER\Software\FileZilla | - |
|
58 | |
| Open Key | HKEY_CURRENT_USER\Software\FileZilla Client | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FileZilla | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FileZilla Client | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Main | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Main | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Options | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Options | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\BPFTP | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\TurboFTP | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\TurboFTP | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\Sota\FFFTP | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\Sota\FFFTP\Options | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\CoffeeCup Software\Internet\Profiles | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\FTP Explorer\Profiles | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\VanDyke\SecureFX | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Cryer\WebSitePublisher | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\ExpanDrive\Sessions | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\ExpanDrive | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\NCH Software\ClassicFTP\FTPAccounts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\NCH Software\Fling\Accounts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\NCH Software\Fling\Accounts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\FTPClient\Sites | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\FTPClient\Sites | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\SoftX.org\FTPClient\Sites | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\SoftX.org\FTPClient\Sites | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\LeapWare | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\LeapWare | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Martin Prikryl | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Martin Prikryl | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\South River Technologies\WebDrive\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\South River Technologies\WebDrive\Connections | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Opera Software | - |
|
6 | |
| Open Key | HKEY_CLASSES_ROOT\Opera.HTML\shell\open\command | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\AceBIT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\AceBIT | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C} | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla | - |
|
8 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
14 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | - |
|
14 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\LeechFTP | - |
|
6 | |
| Open Key | HKEY_CLASSES_ROOT\CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | - |
|
102 | |
| Open Key | HKEY_CURRENT_USER\Software\Adobe\Common | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\ChromePlus | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings | - |
|
12 | |
| Open Key | HKEY_CLASSES_ROOT\FTP++.Link\shell\open\command | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\FTPServers | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\FTPServers | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\Scripts | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\Scripts | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\LinasFTP\Site Manager | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\CoffeeCup Software | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\CoffeeCup Software | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\MAS-Soft\FTPInfo\Setup | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\FTP | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\FTP | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\mru\jobs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\mru\jobs | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Mail | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\RimArts\B2\Settings | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\RimArts\B2\Settings | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\Poco Systems Inc | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Poco Systems Inc | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\IncrediMail | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\IncrediMail | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\RIT\The Bat! | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\RIT\The Bat!\Users depot | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\RIT\The Bat! | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\RIT\The Bat!\Users depot | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Identities | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | - |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayName, data = 71 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | value_name = UninstallString, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D82C954-2957-418B-908F-FE78BF3A8BEB} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D82C954-2957-418B-908F-FE78BF3A8BEB} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D82C954-2957-418B-908F-FE78BF3A8BEB} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D82C954-2957-418B-908F-FE78BF3A8BEB} | value_name = DisplayName, data = 65 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824214663} | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067} | value_name = DisplayName, data = 65 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100} | value_name = DisplayName, data = 65 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | value_name = UninstallString, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = UninstallString, data = 34 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = UninstallString, data = 77 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayName, data = 77 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, data = 123 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | value_name = PathToExe, type = REG_NONE |
|
9 | |
| Read Value | HKEY_CURRENT_USER\Software\Mozilla | value_name = PathToExe, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla | value_name = PathToExe, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | value_name = Outlook, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | value_name = Outlook, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | value_name = Outlook, data = 83 |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, size = 38, type = REG_BINARY |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
5 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | - |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | - |
|
2 |
Module (43)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ole32.dll | base_address = 0x76d10000 |
|
1 | |
| Load | crypt32.dll | base_address = 0x76e00000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x75070000 |
|
1 | |
| Load | shell32.dll | base_address = 0x756f0000 |
|
1 | |
| Load | netapi32.dll | base_address = 0x756b0000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x77ad0000 |
|
1 | |
| Load | msi.dll | base_address = 0x70100000 |
|
1 | |
| Load | pstorec.dll | base_address = 0x700f0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x77ad0000 |
|
2 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = StgOpenStorage, address_out = 0x76d41b90 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CryptUnprotectData, address_out = 0x76e23140 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertOpenSystemStoreA, address_out = 0x76e7e4f0 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertEnumCertificatesInStore, address_out = 0x76e548f0 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertCloseStore, address_out = 0x76e41d20 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CryptAcquireCertificatePrivateKey, address_out = 0x76e57190 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = AllocateAndInitializeSid, address_out = 0x7508f660 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CheckTokenMembership, address_out = 0x7508fb50 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = FreeSid, address_out = 0x75090440 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CredEnumerateA, address_out = 0x750a6670 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CredFree, address_out = 0x75093930 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGetUserKey, address_out = 0x750a6c30 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x7508fb30 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x75090400 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptReleaseContext, address_out = 0x75090650 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RevertToSelf, address_out = 0x7508fc20 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address_out = 0x7508f520 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ImpersonateLoggedOnUser, address_out = 0x75090ff0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetTokenInformation, address_out = 0x7508f370 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ConvertSidToStringSidA, address_out = 0x7508f160 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = LogonUserA, address_out = 0x750a5270 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = LookupPrivilegeValueA, address_out = 0x750a4dc0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x75090980 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = SHGetFolderPathA, address_out = 0x758a9b10 |
|
1 | |
| Get Address | c:\windows\syswow64\netapi32.dll | function = NetApiBufferFree, address_out = 0x704b16d0 |
|
1 | |
| Get Address | c:\windows\syswow64\netapi32.dll | function = NetUserEnum, address_out = 0x7049c010 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WTSGetActiveConsoleSessionId, address_out = 0x77aee5e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ProcessIdToSessionId, address_out = 0x77ae8fa0 |
|
1 | |
| Get Address | c:\windows\syswow64\msi.dll | function = MsiGetComponentPathA, address_out = 0x702419d0 |
|
1 | |
| Get Address | c:\windows\syswow64\pstorec.dll | function = PStoreCreateInstance, address_out = 0x700f1290 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x77aeac70 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x77ae9f10 |
|
1 |
User (295)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeImpersonatePrivilege, luid = 29 |
|
5 | |
| Lookup Privilege | privilege = SeTcbPrivilege, luid = 7 |
|
5 | |
| Lookup Privilege | privilege = SeChangeNotifyPrivilege, luid = 23 |
|
5 | |
| Lookup Privilege | privilege = SeCreateTokenPrivilege, luid = 2 |
|
5 | |
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
5 | |
| Lookup Privilege | privilege = SeRestorePrivilege, luid = 18 |
|
5 | |
| Lookup Privilege | privilege = SeIncreaseQuotaPrivilege, luid = 5 |
|
5 | |
| Lookup Privilege | privilege = SeAssignPrimaryTokenPrivilege, luid = 3 |
|
5 | |
| Logon | user_name = Guest, password = Guest |
|
1 | |
| Logon | user_name = Guest, password = guest |
|
1 | |
| Logon | user_name = Guest, password = 123456 |
|
1 | |
| Logon | user_name = Guest, password = password |
|
1 | |
| Logon | user_name = Guest, password = phpbb |
|
1 | |
| Logon | user_name = Guest, password = qwerty |
|
1 | |
| Logon | user_name = Guest, password = 12345 |
|
1 | |
| Logon | user_name = Guest, password = jesus |
|
1 | |
| Logon | user_name = Guest, password = 12345678 |
|
1 | |
| Logon | user_name = Guest, password = 1234 |
|
1 | |
| Logon | user_name = Guest, password = abc123 |
|
1 | |
| Logon | user_name = Guest, password = letmein |
|
1 | |
| Logon | user_name = Guest, password = test |
|
1 | |
| Logon | user_name = Guest, password = love |
|
1 | |
| Logon | user_name = Guest, password = 123 |
|
1 | |
| Logon | user_name = Guest, password = password1 |
|
1 | |
| Logon | user_name = Guest, password = hello |
|
1 | |
| Logon | user_name = Guest, password = monkey |
|
1 | |
| Logon | user_name = Guest, password = dragon |
|
1 | |
| Logon | user_name = Guest, password = trustno1 |
|
1 | |
| Logon | user_name = Guest, password = 111111 |
|
1 | |
| Logon | user_name = Guest, password = iloveyou |
|
1 | |
| Logon | user_name = Guest, password = 1234567 |
|
1 | |
| Logon | user_name = Guest, password = shadow |
|
1 | |
| Logon | user_name = Guest, password = 123456789 |
|
1 | |
| Logon | user_name = Guest, password = christ |
|
1 | |
| Logon | user_name = Guest, password = sunshine |
|
1 | |
| Logon | user_name = Guest, password = master |
|
1 | |
| Logon | user_name = Guest, password = computer |
|
1 | |
| Logon | user_name = Guest, password = princess |
|
1 | |
| Logon | user_name = Guest, password = tigger |
|
1 | |
| Logon | user_name = Guest, password = football |
|
1 | |
| Logon | user_name = Guest, password = angel |
|
1 | |
| Logon | user_name = Guest, password = jesus1 |
|
1 | |
| Logon | user_name = Guest, password = 123123 |
|
1 | |
| Logon | user_name = Guest, password = whatever |
|
1 | |
| Logon | user_name = Guest, password = freedom |
|
1 | |
| Logon | user_name = Guest, password = killer |
|
1 | |
| Logon | user_name = Guest, password = asdf |
|
1 | |
| Logon | user_name = Guest, password = soccer |
|
1 | |
| Logon | user_name = Guest, password = superman |
|
1 | |
| Logon | user_name = Guest, password = michael |
|
1 | |
| Logon | user_name = Guest, password = cheese |
|
1 | |
| Logon | user_name = Guest, password = internet |
|
1 | |
| Logon | user_name = Guest, password = joshua |
|
1 | |
| Logon | user_name = Guest, password = fuckyou |
|
1 | |
| Logon | user_name = Guest, password = blessed |
|
1 | |
| Logon | user_name = Guest, password = baseball |
|
1 | |
| Logon | user_name = Guest, password = starwars |
|
1 | |
| Logon | user_name = Guest, password = 000000 |
|
1 | |
| Logon | user_name = Guest, password = purple |
|
1 | |
| Logon | user_name = Guest, password = jordan |
|
1 | |
| Logon | user_name = Guest, password = faith |
|
1 | |
| Logon | user_name = Guest, password = summer |
|
1 | |
| Logon | user_name = Guest, password = ashley |
|
1 | |
| Logon | user_name = Guest, password = buster |
|
1 | |
| Logon | user_name = Guest, password = heaven |
|
1 | |
| Logon | user_name = Guest, password = pepper |
|
1 | |
| Logon | user_name = Guest, password = 7777777 |
|
1 | |
| Logon | user_name = Guest, password = hunter |
|
1 | |
| Logon | user_name = Guest, password = lovely |
|
1 | |
| Logon | user_name = Guest, password = andrew |
|
1 | |
| Logon | user_name = Guest, password = thomas |
|
1 | |
| Logon | user_name = Guest, password = angels |
|
1 | |
| Logon | user_name = Guest, password = charlie |
|
1 | |
| Logon | user_name = Guest, password = daniel |
|
1 | |
| Logon | user_name = Guest, password = 1111 |
|
1 | |
| Logon | user_name = Guest, password = jennifer |
|
1 | |
| Logon | user_name = Guest, password = single |
|
1 | |
| Logon | user_name = Guest, password = hannah |
|
1 | |
| Logon | user_name = Guest, password = qazwsx |
|
1 | |
| Logon | user_name = Guest, password = happy |
|
1 | |
| Logon | user_name = Guest, password = matrix |
|
1 | |
| Logon | user_name = Guest, password = pass |
|
1 | |
| Logon | user_name = Guest, password = aaaaaa |
|
1 | |
| Logon | user_name = Guest, password = 654321 |
|
1 | |
| Logon | user_name = Guest, password = amanda |
|
1 | |
| Logon | user_name = Guest, password = nothing |
|
1 | |
| Logon | user_name = Guest, password = ginger |
|
1 | |
| Logon | user_name = Guest, password = mother |
|
1 | |
| Logon | user_name = Guest, password = snoopy |
|
1 | |
| Logon | user_name = Guest, password = jessica |
|
1 | |
| Logon | user_name = Guest, password = welcome |
|
1 | |
| Logon | user_name = Guest, password = pokemon |
|
1 | |
| Logon | user_name = Guest, password = iloveyou1 |
|
1 | |
| Logon | user_name = Guest, password = 11111 |
|
1 | |
| Logon | user_name = Guest, password = mustang |
|
1 | |
| Logon | user_name = Guest, password = helpme |
|
1 | |
| Logon | user_name = Guest, password = justin |
|
1 | |
| Logon | user_name = Guest, password = jasmine |
|
1 | |
| Logon | user_name = Guest, password = orange |
|
1 | |
| Logon | user_name = Guest, password = testing |
|
1 | |
| Logon | user_name = Guest, password = apple |
|
1 | |
| Logon | user_name = Guest, password = michelle |
|
1 | |
| Logon | user_name = Guest, password = peace |
|
1 | |
| Logon | user_name = Guest, password = secret |
|
1 | |
| Logon | user_name = Guest, password = 1 |
|
1 | |
| Logon | user_name = Guest, password = grace |
|
1 | |
| Logon | user_name = Guest, password = william |
|
1 | |
| Logon | user_name = Guest, password = iloveyou2 |
|
1 | |
| Logon | user_name = Guest, password = nicole |
|
1 | |
| Logon | user_name = Guest, password = 666666 |
|
1 | |
| Logon | user_name = Guest, password = muffin |
|
1 | |
| Logon | user_name = Guest, password = gateway |
|
1 | |
| Logon | user_name = Guest, password = fuckyou1 |
|
1 | |
| Logon | user_name = Guest, password = asshole |
|
1 | |
| Logon | user_name = Guest, password = hahaha |
|
1 | |
| Logon | user_name = Guest, password = poop |
|
1 | |
| Logon | user_name = Guest, password = blessing |
|
1 | |
| Logon | user_name = Guest, password = blahblah |
|
1 | |
| Logon | user_name = Guest, password = myspace1 |
|
1 | |
| Logon | user_name = Guest, password = matthew |
|
1 | |
| Logon | user_name = Guest, password = canada |
|
1 | |
| Logon | user_name = Guest, password = silver |
|
1 | |
| Logon | user_name = Guest, password = robert |
|
1 | |
| Logon | user_name = Guest, password = forever |
|
1 | |
| Logon | user_name = Guest, password = asdfgh |
|
1 | |
| Logon | user_name = Guest, password = rachel |
|
1 | |
| Logon | user_name = Guest, password = rainbow |
|
1 | |
| Logon | user_name = Guest, password = guitar |
|
1 | |
| Logon | user_name = Guest, password = peanut |
|
1 | |
| Logon | user_name = Guest, password = batman |
|
1 | |
| Logon | user_name = Guest, password = cookie |
|
1 | |
| Logon | user_name = Guest, password = bailey |
|
1 | |
| Logon | user_name = Guest, password = soccer1 |
|
1 | |
| Logon | user_name = Guest, password = mickey |
|
1 | |
| Logon | user_name = Guest, password = biteme |
|
1 | |
| Logon | user_name = Guest, password = hello1 |
|
1 | |
| Logon | user_name = Guest, password = eminem |
|
1 | |
| Logon | user_name = Guest, password = dakota |
|
1 | |
| Logon | user_name = Guest, password = samantha |
|
1 | |
| Logon | user_name = Guest, password = compaq |
|
1 | |
| Logon | user_name = Guest, password = diamond |
|
1 | |
| Logon | user_name = Guest, password = taylor |
|
1 | |
| Logon | user_name = Guest, password = forum |
|
1 | |
| Logon | user_name = Guest, password = john316 |
|
1 | |
| Logon | user_name = Guest, password = richard |
|
1 | |
| Logon | user_name = Guest, password = blink182 |
|
1 | |
| Logon | user_name = Guest, password = peaches |
|
1 | |
| Logon | user_name = Guest, password = cool |
|
1 | |
| Logon | user_name = Guest, password = flower |
|
1 | |
| Logon | user_name = Guest, password = scooter |
|
1 | |
| Logon | user_name = Guest, password = banana |
|
1 | |
| Logon | user_name = Guest, password = james |
|
1 | |
| Logon | user_name = Guest, password = asdfasdf |
|
1 | |
| Logon | user_name = Guest, password = victory |
|
1 | |
| Logon | user_name = Guest, password = london |
|
1 | |
| Logon | user_name = Guest, password = 123qwe |
|
1 | |
| Logon | user_name = Guest, password = 123321 |
|
1 | |
| Logon | user_name = Guest, password = startrek |
|
1 | |
| Logon | user_name = Guest, password = george |
|
1 | |
| Logon | user_name = Guest, password = winner |
|
1 | |
| Logon | user_name = Guest, password = maggie |
|
1 | |
| Logon | user_name = Guest, password = trinity |
|
1 | |
| Logon | user_name = Guest, password = online |
|
1 | |
| Logon | user_name = Guest, password = 123abc |
|
1 | |
| Logon | user_name = Guest, password = chicken |
|
1 | |
| Logon | user_name = Guest, password = junior |
|
1 | |
| Logon | user_name = Guest, password = chris |
|
1 | |
| Logon | user_name = Guest, password = passw0rd |
|
1 | |
| Logon | user_name = Guest, password = austin |
|
1 | |
| Logon | user_name = Guest, password = sparky |
|
1 | |
| Logon | user_name = Guest, password = admin |
|
1 | |
| Logon | user_name = Guest, password = merlin |
|
1 | |
| Logon | user_name = Guest, password = google |
|
1 | |
| Logon | user_name = Guest, password = friends |
|
1 | |
| Logon | user_name = Guest, password = hope |
|
1 | |
| Logon | user_name = Guest, password = shalom |
|
1 | |
| Logon | user_name = Guest, password = nintendo |
|
1 | |
| Logon | user_name = Guest, password = looking |
|
1 | |
| Logon | user_name = Guest, password = harley |
|
1 | |
| Logon | user_name = Guest, password = smokey |
|
1 | |
| Logon | user_name = Guest, password = 7777 |
|
1 | |
| Logon | user_name = Guest, password = joseph |
|
1 | |
| Logon | user_name = Guest, password = lucky |
|
1 | |
| Logon | user_name = Guest, password = digital |
|
1 | |
| Logon | user_name = Guest, password = a |
|
1 | |
| Logon | user_name = Guest, password = thunder |
|
1 | |
| Logon | user_name = Guest, password = spirit |
|
1 | |
| Logon | user_name = Guest, password = bandit |
|
1 | |
| Logon | user_name = Guest, password = enter |
|
1 | |
| Logon | user_name = Guest, password = anthony |
|
1 | |
| Logon | user_name = Guest, password = corvette |
|
1 | |
| Logon | user_name = Guest, password = hockey |
|
1 | |
| Logon | user_name = Guest, password = power |
|
1 | |
| Logon | user_name = Guest, password = benjamin |
|
1 | |
| Logon | user_name = Guest, password = iloveyou! |
|
1 | |
| Logon | user_name = Guest, password = 1q2w3e |
|
1 | |
| Logon | user_name = Guest, password = viper |
|
1 | |
| Logon | user_name = Guest, password = genesis |
|
1 | |
| Logon | user_name = Guest, password = knight |
|
1 | |
| Logon | user_name = Guest, password = qwerty1 |
|
1 | |
| Logon | user_name = Guest, password = creative |
|
1 | |
| Logon | user_name = Guest, password = foobar |
|
1 | |
| Logon | user_name = Guest, password = adidas |
|
1 | |
| Logon | user_name = Guest, password = rotimi |
|
1 | |
| Logon | user_name = Guest, password = slayer |
|
1 | |
| Logon | user_name = Guest, password = wisdom |
|
1 | |
| Logon | user_name = Guest, password = praise |
|
1 | |
| Logon | user_name = Guest, password = zxcvbnm |
|
1 | |
| Logon | user_name = Guest, password = samuel |
|
1 | |
| Logon | user_name = Guest, password = mike |
|
1 | |
| Logon | user_name = Guest, password = dallas |
|
1 | |
| Logon | user_name = Guest, password = green |
|
1 | |
| Logon | user_name = Guest, password = testtest |
|
1 | |
| Logon | user_name = Guest, password = maverick |
|
1 | |
| Logon | user_name = Guest, password = onelove |
|
1 | |
| Logon | user_name = Guest, password = david |
|
1 | |
| Logon | user_name = Guest, password = mylove |
|
1 | |
| Logon | user_name = Guest, password = church |
|
1 | |
| Logon | user_name = Guest, password = friend |
|
1 | |
| Logon | user_name = Guest, password = god |
|
1 | |
| Logon | user_name = Guest, password = destiny |
|
1 | |
| Logon | user_name = Guest, password = none |
|
1 | |
| Logon | user_name = Guest, password = microsoft |
|
1 | |
| Logon | user_name = Guest, password = 222222 |
|
1 | |
| Logon | user_name = Guest, password = bubbles |
|
1 | |
| Logon | user_name = Guest, password = 11111111 |
|
1 | |
| Logon | user_name = Guest, password = cocacola |
|
1 | |
| Logon | user_name = Guest, password = jordan23 |
|
1 | |
| Logon | user_name = Guest, password = ilovegod |
|
1 | |
| Logon | user_name = Guest, password = football1 |
|
1 | |
| Logon | user_name = Guest, password = loving |
|
1 | |
| Logon | user_name = Guest, password = nathan |
|
1 | |
| Logon | user_name = Guest, password = emmanuel |
|
1 | |
| Logon | user_name = Guest, password = scooby |
|
1 | |
| Logon | user_name = Guest, password = fuckoff |
|
1 | |
| Logon | user_name = Guest, password = sammy |
|
1 | |
| Logon | user_name = Guest, password = maxwell |
|
1 | |
| Logon | user_name = Guest, password = jason |
|
1 | |
| Logon | user_name = Guest, password = john |
|
1 | |
| Logon | user_name = Guest, password = 1q2w3e4r |
|
1 | |
| Logon | user_name = Guest, password = baby |
|
1 | |
| Logon | user_name = Guest, password = red123 |
|
1 | |
| Logon | user_name = Guest, password = blabla |
|
1 | |
| Logon | user_name = Guest, password = prince |
|
1 | |
| Logon | user_name = Guest, password = qwert |
|
1 | |
| Logon | user_name = Guest, password = chelsea |
|
1 | |
| Logon | user_name = Guest, password = 55555 |
|
1 | |
| Logon | user_name = Guest, password = angel1 |
|
1 | |
| Logon | user_name = Guest, password = hardcore |
|
1 | |
| Logon | user_name = Guest, password = dexter |
|
1 | |
| Logon | user_name = Guest, password = saved |
|
1 | |
| Logon | user_name = Guest, password = 112233 |
|
1 | |
| Logon | user_name = Guest, password = hallo |
|
1 | |
| Logon | user_name = Guest, password = jasper |
|
1 | |
| Logon | user_name = Guest, password = danielle |
|
1 | |
| Logon | user_name = Guest, password = kitten |
|
1 | |
| Logon | user_name = Guest, password = cassie |
|
1 | |
| Logon | user_name = Guest, password = stella |
|
1 | |
| Logon | user_name = Guest, password = prayer |
|
1 | |
| Logon | user_name = DefaultAccount, password = DefaultAccount |
|
1 | |
| Logon | user_name = DefaultAccount, password = defaultaccount |
|
1 | |
| Logon | user_name = Administrator, password = Administrator |
|
1 | |
| Logon | user_name = Administrator, password = administrator |
|
1 |
System (753)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Certificate Store | - |
|
1 | |
| Get Time | type = Ticks, time = 132890 |
|
249 | |
| Get Time | type = Ticks, time = 138656 |
|
249 | |
| Get Time | type = Ticks, time = 139156 |
|
249 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 |
Ini (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\Windows\win.ini | section_name = WS_FTP, key_name = DIR |
|
1 | |
| Read | C:\Windows\win.ini | section_name = WS_FTP, key_name = DEFDIR |
|
1 |
