Joebox - Abstract Analysis File: 2485
General information
Joebox version: 1.5.5
Start time: 19:24:57
Start date: 18/03/2010
Overall analysis duration: 0h 1m 22s
Target binary file name: Install_Digital-Access_v.9251.exe
Target script file name: xp.jbs
Avira scanner version: 7.10.4.41 - FUP(0), created 02/11/2010
Avira label: TR/FraudPack.aeff.2
Errors:
    Number of runs: 1
    Number of new started processes analysed: 1
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 1
    Calling statistics
    NtCreateFile 8
    NtOpenFile 33
    NtDeleteFile 0
    NtSetInformationFile 0
    NtCreateIoCompletion 0
    NtRemoveIoCompletion 0
    NtSetIoCompletion 0
    NtAreMappedFilesTheSame 0
    NtCancelIoFile 0
    NtCreateNamedPipeFile 0
    NtFlushBuffersFile 0
    NtFsControlFile 1
    NtLockFile 0
    NtOpenDirectoryObject 2
    NtQueryAttributesFile 41
    NtQueryDirectoryFile 0
    NtQueryFullAttributesFile 0
    NtQueryInformationFile 2
    NtQueryVolumeInformationFile 1
    NtReadFile 1
    NtUnlockFile 0
    NtUnmapViewOfSection 17
    NtWriteFile 0
    NtCloseObjectAuditAlarm 0
    NtClose 176
    NtDeleteObjectAuditAlarm 0
    NtCreateSection 32
    NtOpenSection 28
    NtMapViewOfSection 50
    NtQuerySection 13
    NtMakeTemporaryObject 0
    NtCreateKey 3
    NtOpenKey 110
    NtRenameKey 0
    NtDeleteKey 0
    NtDeleteValueKey 0
    NtSetValueKey 0
    NtEnumerateKey 0
    NtEnumerateValueKey 1
    NtFlushKey 0
    NtNotifyChangeKey 2
    NtQueryKey 1
    NtQueryValueKey 178
    NtSetInformationKey 0
    NtCreateProcess 0
    NtCreateProcessEx 0
    NtTerminateProcess 0
    NtFlushInstructionCache 111
    NtOpenProcess 1
    NtOpenProcessToken 6
    NtOpenProcessTokenEx 3
    NtReadVirtualMemory 0
    NtWriteVirtualMemory 2
    NtAllocateVirtualMemory 35
    NtFlushVirtualMemory 1
    NtFreeVirtualMemory 1
    NtLockVirtualMemory 0
    NtProtectVirtualMemory 230
    NtQueryInformationProcess 14
    NtQueryVirtualMemory 9
    NtSetInformationProcess 5
    NtSuspendProcess 0
    NtCreateThread 1
    NtGetContextThread 1
    NtSetContextThread 4
    NtQueueApcThread 1
    NtAlertThread 0
    NtDelayExecution 0
    NtImpersonateThread 1
    NtOpenThread 1
    NtOpenThreadToken 10
    NtOpenThreadTokenEx 7
    NtQueryInformationThread 0
    NtRegisterThreadTerminatePort 1
    NtResumeThread 1
    NtSetInformationThread 2
    NtSuspendThread 0
    NtTerminateThread 0
    NtYieldExecution 0
    NtAcceptConnectPort 0
    NtCompleteConnectPort 0
    NtConnectPort 3
    NtCreatePort 0
    NtImpersonateClientOfPort 0
    NtReplyPort 0
    NtReplyWaitReceivePort 0
    NtReplyWaitReceivePortEx 0
    NtRequestPort 0
    NtRequestWaitReplyPort 14
    NtSecureConnectPort 1
    NtReadRequestData 0
    NtWriteRequestData 0
    NtAccessCheck 7
    NtAccessCheckAndAuditAlarm 0
    NtAccessCheckByType 0
    NtAdjustPrivilegesToken 6
    NtAllocateLocallyUniqueId 0
    NtQuerySecurityObject 0
    NtSetSecurityObject 0
    NtAddAtom 1
    NtFindAtom 0
    NtDeleteAtom 0
    NtQueryInformationAtom 0
    NtOpenKeyedEvent 1
    NtCreateKeyedEvent 0
    NtOpenEvent 5
    NtQueryEvent 0
    NtCreateEvent 14
    NtSetEvent 4
    NtSetEventBoostPriority 0
    NtOpenMutant 1
    NtCreateMutant 6
    NtCreateSemaphore 3
    NtReleaseSemaphore 0
    NtReleaseMutant 39
    NtCreateTimer 0
    NtCancelTimer 0
    NtSetTimer 0
    NtDeviceIoControlFile 11
    NtLoadDriver 0
    NtUnloadDriver 0
    NtDuplicateObject 4
    NtOpenObjectAuditAlarm 0
    NtDuplicateToken 0
    NtImpersonateAnonymousToken 0
    NtQueryInformationToken 11
    NtGetPlugPlayEvent 0
    NtPlugPlayControl 0
    NtOpenSymbolicLinkObject 1
    NtQuerySymbolicLinkObject 1
    NtQueryDirectoryObject 0
    NtQueryDebugFilterState 14
    NtQueryDefaultLocale 14
    NtQueryDefaultUILanguage 6
    NtQueryInstallUILanguage 2
    NtQueryInformationJobObject 0
    NtQueryObject 1
    NtQueryPerformanceCounter 2
    NtQuerySystemInformation 26
    NtQuerySystemTime 1
    NtQueryTimerResolution 0
    NtRaiseException 0
    NtRaiseHardError 0
    NtSetInformationObject 3
    NtSetSystemInformation 0
    NtShutdownSystem 0
    NtSystemDebugControl 0
    NtTestAlert 2
    NtWaitForMultipleObjects 2
    NtWaitForSingleObject 42
    NtSetInformationDebugObject 0
    NtCreateDebugObject 0
    NtDebugContinue 0
    NtWaitForDebugEvent 0
    NtRemoveProcessDebug 0
    NtUserPostMessage 2
    NtUserSendInput 0
    NtUserSetWindowsHookEx 4
    NtUserSetWinEventHook 0
    NtUserDestroyWindow 3
    NtUserPostThreadMessage 16
    NtUserBuildHwndList 9
    NtUserSetCapture 0
    NtUserRegisterHotKey 0
    NtUserRegisterUserApiHook 0
    NtUserCreateWindowEx 11
    NtUserQueryWindow 16
    NtUserFindWindowEx 1
    NtUserGetAsyncKeyState 0
    NtUserGetKeyboardState 0
    NtUserGetKeyState 0
    Startup
    • system is xp
    • Install_Digital-Access_v.9251.exe (PID: 1040 MD5: 83CA4E7DB79255C97992FF4E8BF2E502)
      • smss.exe (PID: 368 MD5: 5F816C1F539266D2D4C78694239DA0B5)
    • cleanup
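    A triage script for the two blocks above (the syscall counts and the Startup tree), added here by the editor; it is not Joebox code and Joebox ships no such tool. It embeds as constructed input the rows of this report that its rules consult, and the rules themselves (which syscall combinations deserve a second look, which nested process is the one the report counts under "injected processes analysed") are the editor's assumptions: counts cannot show which process a NtWriteVirtualMemory or NtQueueApcThread targeted, so every finding is something to confirm in the per-call log, not a verdict.

```python
"""Triage a Joebox 'Calling statistics' block and 'Startup' process tree.

Added example for this report, written by the editor; it is not Joebox
code. The heuristics are the editor's assumptions: they flag syscall
combinations that are consistent with process injection, but counts alone
cannot prove it, so each finding is something to confirm in the per-call
log, not a verdict.
"""
import re
from collections import Counter

# Constructed input: the rows of this report's 'Calling statistics' block
# that the heuristics below consult, copied verbatim from the report.
CALL_STATS = """\
    NtCreateFile 8
    NtWriteFile 0
    NtCreateKey 3
    NtSetValueKey 0
    NtOpenProcess 1
    NtWriteVirtualMemory 2
    NtProtectVirtualMemory 230
    NtQueryInformationProcess 14
    NtCreateThread 1
    NtGetContextThread 1
    NtSetContextThread 4
    NtQueueApcThread 1
    NtResumeThread 1
    NtAdjustPrivilegesToken 6
"""

# Constructed input: the report's 'Startup' tree, copied verbatim.
STARTUP = """\
    • system is xp
    • Install_Digital-Access_v.9251.exe (PID: 1040 MD5: 83CA4E7DB79255C97992FF4E8BF2E502)
      • smss.exe (PID: 368 MD5: 5F816C1F539266D2D4C78694239DA0B5)
    • cleanup
"""

STAT_RE = re.compile(r"^\s*(Nt\w+)\s+(\d+)\s*$")
PROC_RE = re.compile(
    r"^(\s*)•\s+(\S+)\s+\(PID:\s*(\d+)\s+MD5:\s*([0-9A-Fa-f]{32})\)")

# Syscalls that hand execution to code placed in another process (assumption:
# any one of these after NtWriteVirtualMemory is the shape of an injection).
EXEC_STARTERS = ("NtCreateThread", "NtQueueApcThread", "NtSetContextThread")


def parse_call_stats(text):
    """Return a Counter {syscall_name: count} for every 'NtXxx N' line."""
    counts = Counter()
    for line in text.splitlines():
        m = STAT_RE.match(line)
        if m:
            counts[m.group(1)] += int(m.group(2))
    return counts


def parse_startup(text):
    """Return [(indent, image, pid, md5)] for each process line of the tree.

    Indent is the number of leading spaces; a process indented deeper than
    the sample is one the sandbox attributes to it (here, the process the
    report counts under 'injected processes analysed')."""
    procs = []
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            procs.append((len(m.group(1)), m.group(2),
                          int(m.group(3)), m.group(4).upper()))
    return procs


def triage(stats, procs):
    """Apply the heuristics and return a list of human-readable findings."""
    findings = []
    # 1. Cross-process write plus a way to start execution in the target.
    if stats.get("NtWriteVirtualMemory", 0) and stats.get("NtOpenProcess", 0):
        starters = [n for n in EXEC_STARTERS if stats.get(n, 0)]
        if starters:
            findings.append("possible injection: NtWriteVirtualMemory=%d with %s"
                            % (stats["NtWriteVirtualMemory"], ", ".join(starters)))
    # 2. Persistence: nothing written to disk or registry in this run.
    if not stats.get("NtSetValueKey", 0) and not stats.get("NtWriteFile", 0):
        findings.append("no registry values set and no file writes in this run")
    # 3. Processes the sandbox nests under the sample in the tree.
    if procs:
        root = min(p[0] for p in procs)
        for indent, image, pid, md5 in procs:
            if indent > root:
                findings.append("process attributed to sample: %s pid=%d md5=%s"
                                % (image, pid, md5))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_call_stats(CALL_STATS), parse_startup(STARTUP)):
        print("-", finding)
```

    Run against the rows above it reports the write-plus-start combination (NtWriteVirtualMemory with NtCreateThread, NtQueueApcThread and NtSetContextThread all non-zero), that nothing was persisted during the 82-second run, and that smss.exe (PID 368) is the process nested under the sample. The next step is the per-call log: the handle passed to NtWriteVirtualMemory and NtQueueApcThread tells you whether PID 368 really was the target, which the counts cannot.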
    Analysis File: Install_Digital-Access_v.9251.exe PID: 1040 Parent PID: 148 Run ID: 0
    Sections
    General
    Start time: 19:25:39
    Start date: 18/03/2010
    Path: C:\Install_Digital-Access_v.9251.exe
    File size: 169480 bytes
    MD5 hash: 83CA4E7DB79255C97992FF4E8BF2E502
    File Activities:
    File opened
    File Path | Access | Options | Completion | Count
    C:\WINDOWS\WindowsShell.Manifest | read attributes and synchronize and generic read | synchronous io non alert and non directory file | success or wait | 41
    C:\WINDOWS\WindowsShell.Manifest | read attributes and synchronize and generic read | synchronous io non alert and non directory file | success or wait | 1
    C:\WINDOWS\system32\msctfime.ime | read attributes and synchronize and generic read | synchronous io non alert and non directory file | success or wait | 1
    C:\WINDOWS\system32\msctfime.ime | read attributes and synchronize and generic read | synchronous io non alert and non directory file | success or wait | 1
    File created
    File Path | Access | Attributes | Options | Completion | Count
    File overwritten
    File Path | Access | Options | Completion | Count
    \Device\NetBT_Tcpip_{47A92F1D-762B-4D26-B738-80E5927050D1} | synchronize and generic execute | no options | success or wait | 1
    \Device\NetBT_Tcpip_{18A9CD70-4305-4C71-B17A-9770CD1408D4} | synchronize and generic execute | no options | success or wait | 1
    \Device\NetBT_Tcpip_{71174492-2DC9-4A53-90A5-5A404C91D131} | synchronize and generic execute | no options | object name not found | 1
    \Device\NetBT_Tcpip_{841AE918-5873-43F0-B832-8DB0F994E31E} | synchronize and generic execute | no options | object name not found | 1
    \Device\RasAcd | read data or list directory and write data or add file | no options | success or wait | 1
    C:\WINDOWS\system32\SHELL32.dll.124.Manifest | read data or list directory and read ea and execute or traverse and read attributes and read control and synchronize | synchronous io non alert and non directory file | object name not found | 1
    \Device\KsecDD | read data or list directory and synchronize | synchronous io alert | success or wait | 1
    File deleted
    File Path | Completion | Count
    File renamed
    Old File Path | New File Path | Completion | Count
    File written
    File Path | Completion | Count
    Other file operations
    File Path | Disposition | Data | Completion | Count
    C:\WINDOWS\WindowsShell.Config | open | none | object name not found | 1
    C:\WINDOWS\system32\SHELL32.dll.124.Config | open | none | object name not found | 1
    Section Activities:
    Section opened
    File Path | Access | Base | Entrypoint | Size | Mapped to pid | Completion | Count
    \KnownDlls\kernel32.dll | map write and map read and map execute | 7C800000 | 7C80B64E | F6000 | own pid | success or wait | 1
    \NLS\NlsSectionUnicode | map read | 00270000 | 0 | 15DF4 | own pid | success or wait | 1
    \NLS\NlsSectionLocale | map read | 00290000 | 0 | 40EDC | own pid | success or wait | 1
    \NLS\NlsSectionSortkey | query and map read | 002E0000 | 0 | 40004 | own pid | success or wait | 1
    \NLS\NlsSectionSortTbls | map read | 00330000 | 0 | 5A04 | own pid | success or wait | 1
    \NLS\NlsSectionSortkey00000409 | map read | not known | not known | not known | own pid | object name not found | 2
    \KnownDlls\USER32.dll | map write and map read and map execute | 7E410000 | 7E41B217 | 91000 | own pid | success or wait | 1
    \KnownDlls\GDI32.dll | map write and map read and map execute | 77F10000 | 77F16587 | 49000 | own pid | success or wait | 1
    \KnownDlls\msvcrt.dll | map write and map read and map execute | 77C10000 | 77C1F2A1 | 58000 | own pid | success or wait | 1
    \KnownDlls\ADVAPI32.dll | map write and map read and map execute | 77DD0000 | 77DD710B | 9B000 | own pid | success or wait | 1
    \KnownDlls\RPCRT4.dll | map write and map read and map execute | 77E70000 | 77E7628F | 92000 | own pid | success or wait | 1
    \KnownDlls\Secur32.dll | map write and map read and map execute | 77FE0000 | 77FE2146 | 11000 | own pid | success or wait | 1
    \KnownDlls\SHLWAPI.dll | map write and map read and map execute | 77F60000 | 77F651FB | 76000 | own pid | success or wait | 1
    \NLS\NlsSectionCType | map read | 00370000 | 0 | 20C2 | own pid | success or wait | 1
    \KnownDlls\lz32.dll | map write and map read and map execute | not known | 73DC0000 | 3000 | own pid | success or wait | 1
    \KnownDlls\WS2_32.dll | map write and map read and map execute | not known | not known | not known | own pid | object name not found | 1
    \KnownDlls\WS2HELP.dll | map write and map read and map execute | not known | not known | not known | own pid | object name not found | 1
    \KnownDlls\SHELL32.dll | map write and map read and map execute | 7C9C0000 | 7C9E74E6 | 817000 | own pid | success or wait | 1
    \NLS\NlsSectionSortkey00000419 | map read | not known | not known | not known | own pid | object name not found | 1
    \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-220523388-1935655697-1343024091-1003SFM.DefaultS-1-5-21-220523388-1935655697-1343024091-1003 | query and map write and map read and map execute and extend size | 00910000 | 805E6300 | 40000 | own pid | success or wait | 1
    \KnownDlls\version.dll | map write and map read and map execute | 77C00000 | 77C01135 | 8000 | own pid | success or wait | 1
    \BaseNamedObjects\ShimSharedMemory | map write | 00950000 | 0 | E000 | own pid | success or wait | 1
    \KnownDlls\UxTheme.dll | map write and map read and map execute | not known | not known | not known | own pid | object name not found | 1
    \KnownDlls\DNSAPI.dll | map write and map read and map execute | not known | not known | not known | own pid | object name not found | 1
    \KnownDlls\WLDAP32.dll | map write and map read and map execute | 76F60000 | 76F61130 | 2C000 | own pid | success or wait | 1
    \KnownDlls\rasadhlp.dll | map write and map read and map execute | not known | not known | not known | own pid | object name not found | 1
    \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-220523388-1935655697-1343024091-1003 | query and map write and map read and map execute and extend size | 009F0000 | 805E6300 | 1000 | own pid | success or wait | 1
    Section created
    File Path | Access | Attributes | Base | Entrypoint | Size | Protection | Mapped to pid | Completion | Count
    not known | query and map write and map read and map execute and extend size | reserve | not known | F772DA00 | 10000 | read write | own pid | success or wait | 60
    not known | query and map write and map read and map execute and extend size | reserve | not known | F772DA00 | 10000 | read write | own pid | success or wait | 1
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll | query and map write and map read and map execute | image | 773D0000 | 773D4256 | 103000 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\imm32.dll | map write and map read and map execute | commit | 00340000 | F772DA00 | 1AE00 | execute | own pid | success or wait | 2
    C:\WINDOWS\system32\imm32.dll | query and map write and map read and map execute | image | 76390000 | 763912C0 | 1D000 | execute | own pid | success or wait | 1
    C:\WINDOWS\WindowsShell.Manifest | map write and map read and map execute | commit | 00380000 | F7841A00 | 2ED | execute | own pid | success or wait | 1
    C:\WINDOWS\WindowsShell.Manifest | query and map read | commit | 00380000 | F7841A00 | 2ED | readonly | own pid | success or wait | 1
    C:\WINDOWS\WindowsShell.Manifest | map read | commit | 00380000 | F7841A00 | 2ED | readonly | own pid | success or wait | 1
    C:\WINDOWS\system32\msctf.dll | map write and map read and map execute | commit | 003A0000 | F7841100 | 48C00 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\msctf.dll | query and map write and map read and map execute | image | 74720000 | 747213A5 | 4C000 | execute | own pid | success or wait | 1
    \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-220523388-1935655697-1343024091-1003 | query and map write and map read | commit | 00380000 | 0 | 1000 | read write | own pid | object name exists | 1
    not known | query and map write and map read and map execute and extend size | commit | 003D0000 | F7841A00 | 24000 | execute and read and write | own pid | success or wait | 1
    C:\WINDOWS\system32\ws2_32.dll | query and map write and map read and map execute | image | 71AB0000 | 71AB1273 | 17000 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\ws2help.dll | query and map write and map read and map execute | image | 71AA0000 | 71AA1638 | 8000 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\shell32.dll | map read | commit | 00910000 | F7841A00 | 811C00 | readonly | own pid | success or wait | 1
    C:\WINDOWS\system32\msctfime.ime | map write and map read and map execute | commit | 00950000 | F7841000 | 2B400 | execute | own pid | success or wait | 3
    C:\WINDOWS\system32\msctfime.ime | query and map read | commit | 00950000 | F7841000 | 2B400 | readonly | own pid | success or wait | 2
    C:\WINDOWS\system32\msctfime.ime | query and map write and map read and map execute | image | 755C0000 | 755D9FE1 | 2E000 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\ole32.dll | map write and map read and map execute | commit | 00960000 | F7841000 | 13A400 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\ole32.dll | query and map write and map read and map execute | image | 774E0000 | 774FD0B9 | 13D000 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\uxtheme.dll | query and map write and map read and map execute | image | 5AD70000 | 5AD71626 | 38000 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\mswsock.dll | map write and map read and map execute | commit | 00960000 | F7841A00 | 3BE00 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\mswsock.dll | query and map write and map read and map execute | image | 71A50000 | 71A514CD | 3F000 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\dnsapi.dll | query and map write and map read and map execute | image | 76F20000 | 76F2AC82 | 27000 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\winrnr.dll | map write and map read and map execute | commit | 00960000 | F7841A00 | 4200 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\winrnr.dll | query and map write and map read and map execute | image | 76FB0000 | 76FB115D | 8000 | execute | own pid | success or wait | 1
    C:\WINDOWS\system32\rasadhlp.dll | query and map write and map read and map execute | image | 76FC0000 | 76FC142F | 6000 | execute | own pid | success or wait | 1
    \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMF..GIEDH | query and map write and map read | commit | 009F0000 | 0 | 1000 | read write | own pid | success or wait | 1
    \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMF.B.BJEDH | query and map write and map read | commit | 00A00000 | 0 | 1000 | read write | own pid | success or wait | 1
    Registry Activities:
    Key opened
    Key Path | Access | Completion | Count
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install_Digital-Access_v.9251.exe | generic read | object name not found | 2
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots | enumerate sub key and read or execute | object name not found | 2
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option | query value and set value and read or execute and write | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers | query value and read or execute | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers | query value and read or execute | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager | query value and read or execute | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHLWAPI.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COMCTL32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Error Message Instrument\ | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE | maximum allowed | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance | maximum allowed | object name not found | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Control Panel\Desktop | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack | query value and read or execute | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSCTF.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\Install_Digital-Access_v.9251.exe | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\ | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003 | maximum allowed | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\ | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHELL32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\SYSTEM\Setup | query value and read or execute | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lz32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\agp | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters | maximum allowed | success or wait | 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 | maximum allowed | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\00000006 | maximum allowed | object name not found | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries | maximum allowed | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 | maximum allowed | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\00000004 | maximum allowed | object name not found | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries | maximum allowed | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters | query value and read or execute | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM | maximum allowed | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\version.dll | generic read | object name not found | 1
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 2
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msctfime.ime | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ole32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Ole | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Classes\Interface | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046} | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\SOFTWARE\Microsoft\CTF | maximum allowed | success or wait | 3
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UxTheme.dll | generic read | object name not found | 1
    HKEY_USERS\S-1-5-18 | query value and set value and create sub key and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager | query value and read or execute | success or wait | 1
    HKEY_USERS\S-1-5-18 | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_USERS\.DEFAULT\Control Panel\Desktop | query value and read or execute | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mswsock.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DNSAPI.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 3
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 3
    HKEY_LOCAL_MACHINE\System\Setup | query value and read or execute | success or wait | 1
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | query value and read or execute | success or wait | 2
    HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\PagedBuffers | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install_Digital-Access_v.9251.exe\RpcThreadPoolThrottle | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient | query value and read or execute | object name not found | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLDAP32.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrnr.dll | generic read | object name not found | 1
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Linkage | query value and enumerate sub key and notify and read or execute and write and read control | success or wait | 1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasadhlp.dll | generic read | object name not found | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\SOFTWARE\Microsoft\CTF\LangBarAddIn\ | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\ | query value and enumerate sub key and notify and read or execute and write and read control | object name not found | 1
    Key created
    Key Path | Access | Options | Completion | Count
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | query value and enumerate sub key and notify and read or execute and write and read control | non volatile | success or wait | 291
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | query value and enumerate sub key and notify and read or execute and write and read control | non volatile | success or wait | 3
    Key deleted
    Key Path | Completion | Count
    Key value deleted
    Key Path | Key Value Name | Completion | Count
    Key value set
    Key Path | Name | Type | Data | Completion | Count
    Key value replaced with new
    Key Path | Name | Type | Old Data | New Data | Completion | Count
    Key value replaced with same
    Key Path | Name | Type | Data | Completion | Count
    Key value queried
    Key Path | Name | Completion | Count
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server | TSAppCompat | success or wait | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers | TransparentEnabled | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | SafeDllSearchMode | object name not found | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize | DisableMetaFiles | object name not found | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs | success or wait | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | LeakTrack | object name not found | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Control Panel\Desktop | SmoothScroll | object name not found | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | EnableBalloonTips | object name not found | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared | CUAS | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle | Language Hotkey | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle | Language Hotkey | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle | Layout Hotkey | success or wait | 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle | Layout Hotkey | success or wait | 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF | EnableAnchorContext | object name not found | 1
    HKEY_LOCAL_MACHINE\SYSTEM\Setup | SystemSetupInProgress | success or wait | 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters WinSock_Registry_Version success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters WinSock_Registry_Version success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Serial_Access_Num success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Serial_Access_Num success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Next_Catalog_Entry_ID success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Num_Catalog_Entries success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 PackedCatalogItem buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 PackedCatalogItem success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Serial_Access_Num success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Serial_Access_Num success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Num_Catalog_Entries success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 LibraryPath success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 LibraryPath success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ProviderId success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 AddressFamily object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 SupportedNameSpace success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Enabled success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Version success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 StoresServiceClassInfo success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 LibraryPath success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 LibraryPath success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ProviderId success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 AddressFamily object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 SupportedNameSpace success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Enabled success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Version success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 StoresServiceClassInfo success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 LibraryPath success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 LibraryPath success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 DisplayString success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ProviderId success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 AddressFamily object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 SupportedNameSpace success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Enabled success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Version success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 StoresServiceClassInfo success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Ws2_32NumHandleBuckets object name not found 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM Ime File success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager CriticalSectionTimeout success or wait 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole RWLockResourceTimeOut object name not found 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface InterfaceHelperDisableAll object name not found 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface InterfaceHelperDisableAllForOle32 object name not found 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface InterfaceHelperDisableTypeLib object name not found 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046} InterfaceHelperDisableAll object name not found 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046} InterfaceHelperDisableAllForOle32 object name not found 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Microsoft\CTF Disable Thread Input Manager object name not found 1
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager Compositing object name not found 1
    HKEY_USERS\.DEFAULT\Control Panel\Desktop LameButtonText object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters QueryAdapterName object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DisableAdapterDomainName object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters UseDomainNameDevolution object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters UseDomainNameDevolution success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters PrioritizeRecordData object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters PrioritizeRecordData object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters AllowUnqualifiedQuery object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters AllowUnqualifiedQuery object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters AppendToMultiLabelName object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters ScreenBadTlds object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters ScreenUnreachableServers object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters FilterClusterIp object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters WaitForNameErrorOnAll object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters UseEdns object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters QueryIpMatching object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters UseHostsFile object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters RegistrationEnabled object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DisableDynamicUpdate object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters RegisterPrimaryName object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters RegisterAdapterName object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters EnableAdapterDomainNameRegistration object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters RegisterReverseLookup object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DisableReverseAddressRegistrations object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters RegisterWanAdapters object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DisableWanDynamicUpdate object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters RegistrationTtl object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DefaultRegistrationTTL object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters RegistrationRefreshInterval object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DefaultRegistrationRefreshInterval object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters RegistrationMaxAddressCount object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters MaxNumberOfAddressesToRegister object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters UpdateSecurityLevel object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters UpdateSecurityLevel object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters UpdateZoneExcludeFile object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters UpdateTopLevelDomainZones object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters DnsTest object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters MaxCacheSize object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters MaxCacheTtl object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters MaxNegativeCacheTtl object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters AdapterTimeoutLimit object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters ServerPriorityTimeLimit object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters MaxCachedSockets object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters MulticastListenLevel object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters MulticastSendLevel object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\Setup SystemSetupInProgress success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DnsQueryTimeouts object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DnsQuickQueryTimeouts object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DnsMulticastQueryTimeouts object name not found 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc MaxRpcSize object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Hostname success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Hostname success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Domain success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Domain success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DnsNbtLookupOrder object name not found 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap LdapClientIntegrity success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage Export buffer overflow 2
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage Export success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters WinSock_Registry_Version success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters WinSock_Registry_Version success or wait 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters AutodialDLL object name not found 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Microsoft\CTF Disable Thread Input Manager object name not found 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Microsoft\CTF Disable Thread Input Manager object name not found 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Language Hotkey success or wait 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Language Hotkey success or wait 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Layout Hotkey success or wait 1
    HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Layout Hotkey success or wait 1
    Mutant Activities:
    Mutant opened
    Name Completion Count
    Mutant created
    Name Completion Count
    \BaseNamedObjects\CTF.LBES.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 6
    \BaseNamedObjects\CTF.LBES.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1
    \BaseNamedObjects\CTF.Compart.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1
    \BaseNamedObjects\CTF.Asm.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1
    \BaseNamedObjects\CTF.Layouts.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1
    \BaseNamedObjects\CTF.TMD.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1
    \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-220523388-1935655697-1343024091-1003MUTEX.DefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1
    Mutant released
    Name Completion Count
    Process Activities:
    Process started
    PID Access Flags System Completion Count
    Process opened
    PID Access Filename Cmdline Completion Count
    368 create thread and vm operation and vm write and dupclicate handle C:\WINDOWS\System32\smss.exe \SystemRoot\System32\smss.exe success or wait 1
    368 create thread and vm operation and vm write and dupclicate handle C:\WINDOWS\System32\smss.exe \SystemRoot\System32\smss.exe success or wait 1
    Process suspended
    PID Filename Cmdline Completion Count
    Process terminated
    PID Filename Cmdline Completion Count
    Thread Activities:
    Thread opened
    TID PID Access Completion Count
    Thread created
    TID PID Process Path Cmdline Access Completion Count
    1964 368 C:\WINDOWS\System32\smss.exe \SystemRoot\System32\smss.exe terminate and suspend resume and alert and get context and set context and set information and query information and set token and impersonate and direct impersonation success or wait 6
    1964 368 C:\WINDOWS\System32\smss.exe \SystemRoot\System32\smss.exe terminate and suspend resume and alert and get context and set context and set information and query information and set token and impersonate and direct impersonation success or wait 1
    Thread queued
    TID PID Completion Count
    not known not known success or wait 1
    Thread set
    TID PID Completion Count
    not known not known success or wait 3
    1964 368 success or wait 1
    Thread delayed
    TID Delay Completion Count
    Thread terminated
    TID PID Completion Count
    Memory Activities:
    Memory read
    PID Filename Cmdline Base Completion Count
    Memory written
    PID Filename Cmdline Base Completion Count
    368 C:\WINDOWS\System32\smss.exe \SystemRoot\System32\smss.exe 003FFFFC success or wait 2
    368 C:\WINDOWS\System32\smss.exe \SystemRoot\System32\smss.exe 003FFFFC success or wait 1
    368 C:\WINDOWS\System32\smss.exe \SystemRoot\System32\smss.exe 003FF000 success or wait 1
    Driver Activities:
    Driver loaded
    Service name path Completion Count
    Driver unloaded
    Service name path Completion Count
    System Activities:
    System information set
    System info class Data Completion Count
    System information queried
    System info class Completion Count
    BasicInformation success or wait 26
    BasicInformation success or wait 3
    RangeStartInformation success or wait 1
    BasicInformation success or wait 1
    BasicInformation success or wait 1
    BasicInformation success or wait 1
    BasicInformation success or wait 1
    BasicInformation success or wait 1
    ProcessorInformation success or wait 6
    ProcessInformation info length mismatch 1
    ProcessInformation success or wait 1
    BasicInformation success or wait 1
    BasicInformation success or wait 1
    BasicInformation success or wait 1
    BasicInformation success or wait 2
    BasicInformation success or wait 1
    BasicInformation success or wait 1
    PerformanceInformation success or wait 1
    BasicInformation success or wait 1
    Time Activities:
    Performance counter queried
    Count Frequency Completion Count
    1703492405 3579545 success or wait 3
    1703492405 3579545 success or wait 1
    1711827495 3579545 success or wait 1
    System resolution queried
    Minimum resolution Maximum resolution Current resolution Completion Count
    System time queried
    Time Completion Count
    129134103397228480 success or wait 1
    User Activities:
    Window created
    Window name Class name Completion Count
    no string no string success 16
    no string no string success 1
    6.0.2600.5512!Static no string success 1
    6.0.2600.5512!msctls_progress32 msctls_progress32 success 1
    6.0.2600.5512!Static no string success 1
    no string no string success 1
    6.0.2600.5512!Button no string success 1
    6.0.2600.5512!Static no string success 1
    6.0.2600.5512!Static no string success 1
    CicDUmmyWndForDefIMEWnd CicDUmmyWndForDefIMEWnd success 1
    MSCTFIME UI MSCTFIME UI error 1
    CicMarshalWndClass CicMarshalWndClass success 1
    Window found
    Window name Class name Completion Count
    no string Shell_TrayWnd success 1
    Window hook set
    Module Thread id Hook code Completion Count
    C:\WINDOWS\system32\MSCTF.dll 1476 keyboard success 1
    C:\WINDOWS\system32\MSCTF.dll 1476 mouse success 1
    C:\WINDOWS\system32\MSCTF.dll 1476 keyboard success 1
    C:\WINDOWS\system32\MSCTF.dll 1476 mouse success 1
    Key async got
    Virtual key code Key state Count
    Keyboard state got
    Completion Count
    Key state got
    Virtual key code State Count
    Debug Activities:
    System debug info set
    Debug info class Input data Output data Completion Count
    Exception Activities:
    Exception raised
    Exception code Address Completion Count
    Chronological sections
    Operation Data Completion Time
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install_Digital-Access_v.9251.exe Access: generic read object name not found 1701914059
    System info queried Type: BasicInformation success or wait 1701915604
    System info queried Type: BasicInformation success or wait 1701916525
    Section opened Access: map write and map read and map execute Baseaddress: 7C800000 Size: F6000 Mapped to pid: own pid Path: \KnownDlls\kernel32.dll success or wait 1701918772
    System info queried Type: RangeStartInformation success or wait 1701923199
    System info queried Type: BasicInformation success or wait 1701923313
    Section created Access: query and map write and map read and map execute and extend size Protection: read write Attributes: reserve Path: not known Type: reserve Baseaddress: not known Entrypoint: F772DA00 Mapped to pid: own pid Size: 10000 success or wait 1701923597
    System info queried Type: BasicInformation success or wait 1702159889
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702162538
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server Name: TSAppCompat success or wait 1702164448
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install_Digital-Access_v.9251.exe Access: generic read object name not found 1702170497
    Section opened Access: map read Baseaddress: 00270000 Size: 15DF4 Mapped to pid: own pid Path: \NLS\NlsSectionUnicode success or wait 1702171101
    Section opened Access: map read Baseaddress: 00290000 Size: 40EDC Mapped to pid: own pid Path: \NLS\NlsSectionLocale success or wait 1702175131
    Section opened Access: query and map read Baseaddress: 002E0000 Size: 40004 Mapped to pid: own pid Path: \NLS\NlsSectionSortkey success or wait 1702176630
    Section opened Access: map read Baseaddress: 00330000 Size: 5A04 Mapped to pid: own pid Path: \NLS\NlsSectionSortTbls success or wait 1702177457
    Section opened Access: map read Baseaddress: not known Size: not known Mapped to pid: own pid Path: \NLS\NlsSectionSortkey00000409 object name not found 1702179193
    Section opened Access: map read Baseaddress: not known Size: not known Mapped to pid: own pid Path: \NLS\NlsSectionSortkey00000409 object name not found 1702179392
    Section opened Access: map write and map read and map execute Baseaddress: 7E410000 Size: 91000 Mapped to pid: own pid Path: \KnownDlls\USER32.dll success or wait 1702184499
    Section opened Access: map write and map read and map execute Baseaddress: 77F10000 Size: 49000 Mapped to pid: own pid Path: \KnownDlls\GDI32.dll success or wait 1702185843
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots Access: enumerate sub key and read or execute object name not found 1702193281
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll Type: image Baseaddress: 773D0000 Entrypoint: 773D4256 Mapped to pid: own pid Size: 103000 success or wait 1702196342
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option Access: query value and set value and read or execute and write object name not found 1702197654
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Access: query value and read or execute success or wait 1702197954
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers Name: TransparentEnabled success or wait 1702198404
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Access: query value and read or execute object name not found 1702199610
    Section opened Access: map write and map read and map execute Baseaddress: 77C10000 Size: 58000 Mapped to pid: own pid Path: \KnownDlls\msvcrt.dll success or wait 1702201162
    Section opened Access: map write and map read and map execute Baseaddress: 77DD0000 Size: 9B000 Mapped to pid: own pid Path: \KnownDlls\ADVAPI32.dll success or wait 1702205361
    Section opened Access: map write and map read and map execute Baseaddress: 77E70000 Size: 92000 Mapped to pid: own pid Path: \KnownDlls\RPCRT4.dll success or wait 1702209598
    Section opened Access: map write and map read and map execute Baseaddress: 77FE0000 Size: 11000 Mapped to pid: own pid Path: \KnownDlls\Secur32.dll success or wait 1702213284
    Section opened Access: map write and map read and map execute Baseaddress: 77F60000 Size: 76000 Mapped to pid: own pid Path: \KnownDlls\SHLWAPI.dll success or wait 1702219755
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll Access: generic read object name not found 1702229969
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll Access: generic read object name not found 1702230355
    System info queried Type: BasicInformation success or wait 1702230595
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager Access: query value and read or execute success or wait 1702231812
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager Name: SafeDllSearchMode object name not found 1702232107
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\system32\imm32.dll Type: commit Baseaddress: 00340000 Entrypoint: F772DA00 Mapped to pid: own pid Size: 1AE00 success or wait 1702233208
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\system32\imm32.dll Type: commit Baseaddress: 00340000 Entrypoint: F772DA00 Mapped to pid: own pid Size: 1AE00 success or wait 1702235498
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\imm32.dll Type: image Baseaddress: 76390000 Entrypoint: 763912C0 Mapped to pid: own pid Size: 1D000 success or wait 1702237188
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL Access: generic read object name not found 1702241361
    System info queried Type: BasicInformation success or wait 1702241507
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll Access: generic read object name not found 1702242191
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll Access: generic read object name not found 1702242742
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll Access: generic read object name not found 1702242965
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll Access: generic read object name not found 1702243184
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll Access: generic read object name not found 1702243405
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll Access: generic read object name not found 1702243625
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHLWAPI.dll Access: generic read object name not found 1702243845
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COMCTL32.dll Access: generic read object name not found 1702244550
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Error Message Instrument\ Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1702245068
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702245447
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize Name: DisableMetaFiles object name not found 1702245741
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702249688
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Name: AppInit_DLLs success or wait 1702249924
    System info queried Type: BasicInformation success or wait 1702252211
    Section opened Access: map read Baseaddress: 00370000 Size: 20C2 Mapped to pid: own pid Path: \NLS\NlsSectionCType success or wait 1702253551
    Key opened Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702257264
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Name: LeakTrack object name not found 1702257470
    Key opened Path: HKEY_LOCAL_MACHINE Access: maximum allowed success or wait 1702258254
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1702258664
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance Access: maximum allowed object name not found 1702259092
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\WindowsShell.Manifest Type: commit Baseaddress: 00380000 Entrypoint: F7841A00 Mapped to pid: own pid Size: 2ED success or wait 1702262285
    File opened Path: C:\WINDOWS\WindowsShell.Manifest Access: read attributes and synchronize and generic read Disposition: open Options: synchronous io non alert and non directory file Attributes: none success or wait 1702264272
    Section created Access: query and map read Protection: readonly Attributes: commit Path: C:\WINDOWS\WindowsShell.Manifest Type: commit Baseaddress: 00380000 Entrypoint: F7841A00 Mapped to pid: own pid Size: 2ED success or wait 1702264588
    Section created Access: map read Protection: readonly Attributes: commit Path: C:\WINDOWS\WindowsShell.Manifest Type: commit Baseaddress: 00380000 Entrypoint: F7841A00 Mapped to pid: own pid Size: 2ED success or wait 1702265984
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702279658
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Control Panel\Desktop Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702280654
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Control Panel\Desktop Name: SmoothScroll object name not found 1702280877
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702282289
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Name: EnableBalloonTips object name not found 1702282550
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack Access: query value and read or execute success or wait 1702283693
    Thread apc queued TID: not known PID: not known success or wait 1702287840
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\system32\msctf.dll Type: commit Baseaddress: 003A0000 Entrypoint: F7841100 Mapped to pid: own pid Size: 48C00 success or wait 1702289491
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\msctf.dll Type: image Baseaddress: 74720000 Entrypoint: 747213A5 Mapped to pid: own pid Size: 4C000 success or wait 1702291530
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSCTF.dll Access: generic read object name not found 1702296103
    Section created Access: query and map write and map read Protection: read write Attributes: commit Path: \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-220523388-1935655697-1343024091-1003 Type: commit Baseaddress: 00380000 Entrypoint: 0 Mapped to pid: own pid Size: 1000 object name exists 1702299287
    Key opened Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\Install_Digital-Access_v.9251.exe Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1702299898
    Key opened Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\ Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702300116
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared Name: CUAS success or wait 1702300366
    Mutant created Name: \BaseNamedObjects\CTF.LBES.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1702301381
    Mutant created Name: \BaseNamedObjects\CTF.Compart.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1702301741
    Mutant created Name: \BaseNamedObjects\CTF.Asm.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1702301994
    Mutant created Name: \BaseNamedObjects\CTF.Layouts.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1702302243
    Mutant created Name: \BaseNamedObjects\CTF.TMD.MutexDefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1702302489
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003 Access: maximum allowed success or wait 1702303513
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702303906
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Name: Language Hotkey success or wait 1702304292
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Name: Language Hotkey success or wait 1702304995
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Name: Layout Hotkey success or wait 1702305731
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Name: Layout Hotkey success or wait 1702306365
    Key opened Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\ Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1702309333
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF Name: EnableAnchorContext object name not found 1702309545
    Section created Access: query and map write and map read and map execute and extend size Protection: execute and read and write Attributes: commit Path: not known Type: commit Baseaddress: 003D0000 Entrypoint: F7841A00 Mapped to pid: own pid Size: 24000 success or wait 1702331571
    Thread context set TID: not known PID: not known success or wait 1702333307
    Section opened Access: map write and map read and map execute Baseaddress: not known Size: 3000 Mapped to pid: own pid Path: \KnownDlls\lz32.dll success or wait 1702333565
    Thread context set TID: not known PID: not known success or wait 1702336184
    Section opened Access: map write and map read and map execute Baseaddress: not known Size: not known Mapped to pid: own pid Path: \KnownDlls\WS2_32.dll object name not found 1702339667
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\ws2_32.dll Type: image Baseaddress: 71AB0000 Entrypoint: 71AB1273 Mapped to pid: own pid Size: 17000 success or wait 1702341133
    Section opened Access: map write and map read and map execute Baseaddress: not known Size: not known Mapped to pid: own pid Path: \KnownDlls\WS2HELP.dll object name not found 1702345299
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\ws2help.dll Type: image Baseaddress: 71AA0000 Entrypoint: 71AA1638 Mapped to pid: own pid Size: 8000 success or wait 1702346472
    Section opened Access: map write and map read and map execute Baseaddress: 7C9C0000 Size: 817000 Mapped to pid: own pid Path: \KnownDlls\SHELL32.dll success or wait 1702353866
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll Access: generic read object name not found 1702363729
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll Access: generic read object name not found 1702363995
    System info queried Type: BasicInformation success or wait 1702364138
    System info queried Type: ProcessorInformation success or wait 1702364330
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHELL32.dll Access: generic read object name not found 1702364552
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\Setup Access: query value and read or execute success or wait 1702366632
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\Setup Name: SystemSetupInProgress success or wait 1702366905
    Section created Access: map read Protection: readonly Attributes: commit Path: C:\WINDOWS\system32\shell32.dll Type: commit Baseaddress: 00910000 Entrypoint: F7841A00 Mapped to pid: own pid Size: 811C00 success or wait 1702369308
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots Access: enumerate sub key and read or execute object name not found 1702386838
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lz32.dll Access: generic read object name not found 1702389254
    Thread context set TID: not known PID: not known success or wait 1702389417
    System info queried Type: ProcessInformation info length mismatch 1702389965
    System info queried Type: ProcessInformation success or wait 1702668993
    Process opened Access: create thread and vm operation and vm write and duplicate handle PID: 368 Cmdline: \SystemRoot\System32\smss.exe Path: C:\WINDOWS\System32\smss.exe success or wait 1702950616
    System info queried Type: BasicInformation success or wait 1702955116
    Memory written PID: 368 Path: C:\WINDOWS\System32\smss.exe Cmdline: \SystemRoot\System32\smss.exe Base: 003FFFFC Length: 00000004 Value: null success or wait 1702999234
    Thread created Access: terminate and suspend resume and alert and get context and set context and set information and query information and set token and impersonate and direct impersonation PID: NULL TID: 1964 Imagepath: C:\WINDOWS\System32\smss.exe Cmdline: \SystemRoot\System32\smss.exe success or wait 1703000656
    Memory written PID: 368 Path: C:\WINDOWS\System32\smss.exe Cmdline: \SystemRoot\System32\smss.exe Base: 003FF000 Length: 0000004C Value: null success or wait 1703002400
    Thread context set TID: 1964 PID: 368 success or wait 1703003411
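The six records above are the security-relevant part of this trace: the sample opens smss.exe (PID 368) with create-thread, vm-write and duplicate-handle access, writes into it twice (4 bytes at 003FFFFC, 0x4C bytes at 003FF000), creates a thread whose image path is smss.exe (TID 1964) and then sets that thread's context, which is a cross-process injection chain. The earlier "Thread context set TID: not known PID: not known" records are the sample touching its own threads and should not be counted. The script below is an added example, not Joebox output or Joe Security code: it parses Joebox 1.5.5 abstract-analysis lines into events and reconstructs that chain per target PID. The sample trace embedded in it is constructed from the records on this page; the status vocabulary (success or wait, object name not found, object name exists, buffer overflow, info length mismatch) is assumed from the statuses that appear in this report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: Joebox 1.5.5 trace lines copied from the report above, with the
# two self-process "Thread context set" / "System info queried" records kept in so the
# detector has benign lines to ignore. Field layout is the one Joebox prints.
SAMPLE_TRACE = r"""Thread context set TID: not known PID: not known success or wait 1702389417
    System info queried Type: ProcessInformation success or wait 1702668993
    Process opened Access: create thread and vm operation and vm write and duplicate handle PID: 368 Cmdline: \SystemRoot\System32\smss.exe Path: C:\WINDOWS\System32\smss.exe success or wait 1702950616
    System info queried Type: BasicInformation success or wait 1702955116
    Memory written PID: 368 Path: C:\WINDOWS\System32\smss.exe Cmdline: \SystemRoot\System32\smss.exe Base: 003FFFFC Length: 00000004 Value: null success or wait 1702999234
    Thread created Access: terminate and suspend resume and alert and get context and set context and set information and query information and set token and impersonate and direct impersonation PID: NULL TID: 1964 Imagepath: C:\WINDOWS\System32\smss.exe Cmdline: \SystemRoot\System32\smss.exe success or wait 1703000656
    Memory written PID: 368 Path: C:\WINDOWS\System32\smss.exe Cmdline: \SystemRoot\System32\smss.exe Base: 003FF000 Length: 0000004C Value: null success or wait 1703002400
    Thread context set TID: 1964 PID: 368 success or wait 1703003411
"""

# Field names as they appear in the report; values may contain spaces, so the
# line is split on these keys rather than on whitespace.
FIELD_KEYS = ("Access", "PID", "TID", "Path", "Cmdline", "Imagepath", "Base",
              "Length", "Value", "Type", "Name", "Baseaddress", "Size",
              "Mapped to pid", "Protection", "Attributes", "Entrypoint")
# Assumed status vocabulary (taken from the statuses visible in this report).
STATUSES = ("success or wait", "object name not found", "object name exists",
            "buffer overflow", "info length mismatch")

FIELD_RE = re.compile(r"\s*\b(" + "|".join(re.escape(k) for k in FIELD_KEYS) + r"):\s+")
LINE_RE = re.compile(r"^\s*(?P<body>.+?)\s+(?P<status>"
                     + "|".join(re.escape(s) for s in STATUSES)
                     + r")\s+(?P<ts>\d+)\s*$")


@dataclass
class Event:
    name: str            # e.g. "Process opened", "Memory written"
    fields: Dict[str, str]
    status: str
    timestamp: int


@dataclass
class Injection:
    pid: str
    image: str
    open_access: str
    bytes_written: int = 0
    remote_tid: Optional[str] = None
    context_set: bool = False


def parse_line(line: str) -> Optional[Event]:
    """Split one trace line into event name, key/value fields, status and timestamp."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = FIELD_RE.split(m.group("body"))        # [name, key1, val1, key2, val2, ...]
    fields = {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}
    return Event(parts[0].strip(), fields, m.group("status"), int(m.group("ts")))


def detect_injection(events: List[Event]) -> List[Injection]:
    """Correlate open-with-vm-write -> memory written -> thread created/context set per target PID."""
    targets: Dict[str, Injection] = {}
    by_image: Dict[str, str] = {}   # "Thread created" logs PID: NULL, so tie it back via the image path
    for ev in events:
        if ev.status != "success or wait":
            continue
        if ev.name == "Process opened" and "vm write" in ev.fields.get("Access", ""):
            pid = ev.fields.get("PID", "")
            if pid.isdigit():                      # ignores "own pid" / "not known"
                image = ev.fields.get("Path", "")
                targets[pid] = Injection(pid, image, ev.fields["Access"])
                by_image[image.lower()] = pid
        elif ev.name == "Memory written" and ev.fields.get("PID") in targets:
            targets[ev.fields["PID"]].bytes_written += int(ev.fields.get("Length", "0"), 16)
        elif ev.name == "Thread created":
            pid = by_image.get(ev.fields.get("Imagepath", "").lower())
            if pid in targets:
                targets[pid].remote_tid = ev.fields.get("TID")
        elif ev.name == "Thread context set" and ev.fields.get("PID") in targets:
            targets[ev.fields["PID"]].context_set = True
    # A finding needs both a write and an execution primitive (remote thread or hijacked context).
    return [t for t in targets.values() if t.bytes_written and (t.remote_tid or t.context_set)]


def scan(trace: str) -> List[Injection]:
    events = [e for e in (parse_line(l) for l in trace.splitlines()) if e]
    return detect_injection(events)


if __name__ == "__main__":
    for f in scan(SAMPLE_TRACE):
        print(f"injection into PID {f.pid} ({f.image}): {f.bytes_written} bytes written, "
              f"remote TID {f.remote_tid}, thread context set={f.context_set}")
```

Run against the sample it reports one finding: PID 368 (smss.exe), 80 bytes written, remote TID 1964, context set. The write requirement matters: a handle opened with vm write but never used (common in enumerators) is not reported, and neither is a context set on the sample's own threads, which is what the earlier "not known" records are.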
    Section opened Access: map read Baseaddress: not known Size: not known Mapped to pid: own pid Path: \NLS\NlsSectionSortkey00000419 object name not found 1703029942
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\agp Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703030142
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters Access: maximum allowed success or wait 1703032225
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: WinSock_Registry_Version success or wait 1703032546
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: WinSock_Registry_Version success or wait 1703033195
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Access: maximum allowed success or wait 1703034367
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Serial_Access_Num success or wait 1703034587
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Serial_Access_Num success or wait 1703035457
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\00000006 Access: maximum allowed object name not found 1703036364
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Next_Catalog_Entry_ID success or wait 1703036534
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9 Name: Num_Catalog_Entries success or wait 1703037177
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries Access: maximum allowed success or wait 1703037843
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703038098
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Name: PackedCatalogItem buffer overflow 1703039239
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Name: PackedCatalogItem buffer overflow 1703039888
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Name: PackedCatalogItem success or wait 1703040529
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703055087
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Name: PackedCatalogItem buffer overflow 1703055334
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Name: PackedCatalogItem buffer overflow 1703055980
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Name: PackedCatalogItem success or wait 1703056925
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703070386
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Name: PackedCatalogItem buffer overflow 1703070611
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Name: PackedCatalogItem buffer overflow 1703071256
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Name: PackedCatalogItem success or wait 1703071897
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703086127
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Name: PackedCatalogItem buffer overflow 1703086349
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Name: PackedCatalogItem buffer overflow 1703086991
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Name: PackedCatalogItem success or wait 1703087634
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703101890
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Name: PackedCatalogItem buffer overflow 1703102108
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Name: PackedCatalogItem buffer overflow 1703103270
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Name: PackedCatalogItem success or wait 1703103912
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703118145
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Name: PackedCatalogItem buffer overflow 1703118365
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Name: PackedCatalogItem buffer overflow 1703119032
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Name: PackedCatalogItem success or wait 1703119957
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703134257
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Name: PackedCatalogItem buffer overflow 1703134478
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Name: PackedCatalogItem buffer overflow 1703135158
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Name: PackedCatalogItem success or wait 1703135796
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703151701
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Name: PackedCatalogItem buffer overflow 1703151927
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Name: PackedCatalogItem buffer overflow 1703152569
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Name: PackedCatalogItem success or wait 1703153209
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703167779
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Name: PackedCatalogItem buffer overflow 1703167999
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Name: PackedCatalogItem buffer overflow 1703168680
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Name: PackedCatalogItem success or wait 1703169319
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703182650
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Name: PackedCatalogItem buffer overflow 1703182872
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Name: PackedCatalogItem buffer overflow 1703183517
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Name: PackedCatalogItem success or wait 1703184448
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703198701
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Name: PackedCatalogItem buffer overflow 1703199685
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Name: PackedCatalogItem buffer overflow 1703200335
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Name: PackedCatalogItem success or wait 1703200979
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703215668
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Name: PackedCatalogItem buffer overflow 1703215892
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Name: PackedCatalogItem buffer overflow 1703216536
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Name: PackedCatalogItem success or wait 1703217206
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703231396
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Name: PackedCatalogItem buffer overflow 1703231645
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Name: PackedCatalogItem buffer overflow 1703232294
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Name: PackedCatalogItem success or wait 1703232934
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Access: maximum allowed success or wait 1703246873
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Serial_Access_Num success or wait 1703247089
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Serial_Access_Num success or wait 1703247933
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\00000004 Access: maximum allowed object name not found 1703248656
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5 Name: Num_Catalog_Entries success or wait 1703248825
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries Access: maximum allowed success or wait 1703249494
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703249746
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: LibraryPath success or wait 1703249968
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: LibraryPath success or wait 1703250611
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: DisplayString success or wait 1703251253
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: DisplayString success or wait 1703251924
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: DisplayString success or wait 1703252571
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: DisplayString success or wait 1703253212
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: ProviderId success or wait 1703253855
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: AddressFamily object name not found 1703254499
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: SupportedNameSpace success or wait 1703255141
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: Enabled success or wait 1703255818
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: Version success or wait 1703256460
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 Name: StoresServiceClassInfo success or wait 1703257105
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703257882
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: LibraryPath success or wait 1703258103
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: LibraryPath success or wait 1703258748
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: DisplayString success or wait 1703259429
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: DisplayString success or wait 1703260070
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: DisplayString success or wait 1703260712
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: DisplayString success or wait 1703261355
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: ProviderId success or wait 1703261995
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: AddressFamily object name not found 1703262949
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: SupportedNameSpace success or wait 1703263593
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: Enabled success or wait 1703264237
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: Version success or wait 1703264877
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 Name: StoresServiceClassInfo success or wait 1703265523
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703266647
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: LibraryPath success or wait 1703266871
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: LibraryPath success or wait 1703267516
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: DisplayString success or wait 1703268159
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: DisplayString success or wait 1703268799
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: DisplayString success or wait 1703269440
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: DisplayString success or wait 1703270115
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: ProviderId success or wait 1703270761
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: AddressFamily object name not found 1703271404
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: SupportedNameSpace success or wait 1703272047
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: Enabled success or wait 1703272688
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: Version success or wait 1703273329
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 Name: StoresServiceClassInfo success or wait 1703274001
    System info queried Type: BasicInformation success or wait 1703275020
    System info queried Type: ProcessorInformation success or wait 1703275204
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters Access: query value and read or execute success or wait 1703275415
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: Ws2_32NumHandleBuckets object name not found 1703275637
    Windows hook set Window Name: no string Class Name: no string success 1703279930
    Mutant created Name: \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-220523388-1935655697-1343024091-1003MUTEX.DefaultS-1-5-21-220523388-1935655697-1343024091-1003 object name exists 1703280386
    Section opened Access: query and map write and map read and map execute and extend size Baseaddress: 00910000 Size: 40000 Mapped to pid: own pid Path: \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-220523388-1935655697-1343024091-1003SFM.DefaultS-1-5-21-220523388-1935655697-1343024091-1003 success or wait 1703280749
    Windows hook set Module: C:\WINDOWS\system32\MSCTF.dll TID: 1476 Hook ID: keyboard success 1703282987
    Windows hook set Module: C:\WINDOWS\system32\MSCTF.dll TID: 1476 Hook ID: mouse success 1703283188
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM Access: maximum allowed success or wait 1703283962
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM Name: Ime File success or wait 1703284247
    Section opened Access: map write and map read and map execute Baseaddress: 77C00000 Size: 8000 Mapped to pid: own pid Path: \KnownDlls\version.dll success or wait 1703285150
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\version.dll Access: generic read object name not found 1703288618
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\system32\msctfime.ime Type: commit Baseaddress: 00950000 Entrypoint: F7841000 Mapped to pid: own pid Size: 2B400 success or wait 1703290002
    File opened Path: C:\WINDOWS\system32\msctfime.ime Access: read attributes and synchronize and generic read Disposition: open Options: synchronous io non alert and non directory file Attributes: none success or wait 1703292252
    Section created Access: query and map read Protection: readonly Attributes: commit Path: C:\WINDOWS\system32\msctfime.ime Type: commit Baseaddress: 00950000 Entrypoint: F7841000 Mapped to pid: own pid Size: 2B400 success or wait 1703292609
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\system32\msctfime.ime Type: commit Baseaddress: 00950000 Entrypoint: F7841000 Mapped to pid: own pid Size: 2B400 success or wait 1703296088
    File opened Path: C:\WINDOWS\system32\msctfime.ime Access: read attributes and synchronize and generic read Disposition: open Options: synchronous io non alert and non directory file Attributes: none success or wait 1703297901
    Section created Access: query and map read Protection: readonly Attributes: commit Path: C:\WINDOWS\system32\msctfime.ime Type: commit Baseaddress: 00950000 Entrypoint: F7841000 Mapped to pid: own pid Size: 2B400 success or wait 1703298288
    Section opened Access: map write Baseaddress: 00950000 Size: E000 Mapped to pid: own pid Path: \BaseNamedObjects\ShimSharedMemory success or wait 1703301530
    Key opened Path: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1703303150
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\system32\msctfime.ime Type: commit Baseaddress: 00960000 Entrypoint: F7841000 Mapped to pid: own pid Size: 2B400 success or wait 1703304396
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\msctfime.ime Type: image Baseaddress: 755C0000 Entrypoint: 755D9FE1 Mapped to pid: own pid Size: 2E000 success or wait 1703306278
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msctfime.ime Access: generic read object name not found 1703312780
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\system32\ole32.dll Type: commit Baseaddress: 00960000 Entrypoint: F7841000 Mapped to pid: own pid Size: 13A400 success or wait 1703314643
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\ole32.dll Type: image Baseaddress: 774E0000 Entrypoint: 774FD0B9 Mapped to pid: own pid Size: 13D000 success or wait 1703317601
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ole32.dll Access: generic read object name not found 1703325546
    System info queried Type: BasicInformation success or wait 1703331027
    System info queried Type: ProcessorInformation success or wait 1703331290
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703331701
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager Name: CriticalSectionTimeout success or wait 1703332011
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703332932
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole Name: RWLockResourceTimeOut object name not found 1703333262
    System info queried Type: BasicInformation success or wait 1703334187
    System info queried Type: ProcessorInformation success or wait 1703334447
    System info queried Type: BasicInformation success or wait 1703334655
    System info queried Type: ProcessorInformation success or wait 1703334910
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Classes\Interface Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703335199
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface Name: InterfaceHelperDisableAll object name not found 1703335503
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface Name: InterfaceHelperDisableAllForOle32 object name not found 1703335744
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface Name: InterfaceHelperDisableTypeLib object name not found 1703335981
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046} Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703336438
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046} Name: InterfaceHelperDisableAll object name not found 1703336750
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046} Name: InterfaceHelperDisableAllForOle32 object name not found 1703336989
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\SOFTWARE\Microsoft\CTF Access: maximum allowed success or wait 1703338715
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Microsoft\CTF Name: Disable Thread Input Manager object name not found 1703338962
    Key opened Path: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1703341817
    Windows hook set Window Name: 6.0.2600.5512!Static Class Name: no string success 1703344056
    Section opened Access: map write and map read and map execute Baseaddress: not known Size: not known Mapped to pid: own pid Path: \KnownDlls\UxTheme.dll object name not found 1703344394
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\uxtheme.dll Type: image Baseaddress: 5AD70000 Entrypoint: 5AD71626 Mapped to pid: own pid Size: 38000 success or wait 1703345756
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UxTheme.dll Access: generic read object name not found 1703351678
    Key opened Path: HKEY_USERS\S-1-5-18 Access: query value and set value and create sub key and enumerate sub key and notify and read or execute and write and read control success or wait 1703353140
    Key opened Path: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager Access: query value and read or execute success or wait 1703353448
    Key value queried Path: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager Name: Compositing object name not found 1703354198
    Key opened Path: HKEY_USERS\S-1-5-18 Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703356405
    Key opened Path: HKEY_USERS\.DEFAULT\Control Panel\Desktop Access: query value and read or execute success or wait 1703356708
    Key value queried Path: HKEY_USERS\.DEFAULT\Control Panel\Desktop Name: LameButtonText object name not found 1703357022
    Windows hook set Window Name: 6.0.2600.5512!msctls_progress32 Class Name: msctls_progress32 success 1703358639
    Windows hook set Window Name: 6.0.2600.5512!Static Class Name: no string success 1703360590
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\system32\mswsock.dll Type: commit Baseaddress: 00960000 Entrypoint: F7841A00 Mapped to pid: own pid Size: 3BE00 success or wait 1703366606
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\mswsock.dll Type: image Baseaddress: 71A50000 Entrypoint: 71A514CD Mapped to pid: own pid Size: 3F000 success or wait 1703368978
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mswsock.dll Access: generic read object name not found 1703377101
    System info queried Type: BasicInformation success or wait 1703377403
    System info queried Type: ProcessorInformation success or wait 1703377692
    Section opened Access: map write and map read and map execute Baseaddress: not known Size: not known Mapped to pid: own pid Path: \KnownDlls\DNSAPI.dll object name not found 1703378454
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\dnsapi.dll Type: image Baseaddress: 76F20000 Entrypoint: 76F2AC82 Mapped to pid: own pid Size: 27000 success or wait 1703379857
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DNSAPI.dll Access: generic read object name not found 1703387388
    Key created Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters Access: query value and enumerate sub key and notify and read or execute and write and read control Options: non volatile success or wait 1703388161
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703388510
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1703388910
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: QueryAdapterName object name not found 1703389156
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DisableAdapterDomainName object name not found 1703392471
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: UseDomainNameDevolution object name not found 1703393408
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: UseDomainNameDevolution success or wait 1703394171
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: PrioritizeRecordData object name not found 1703394883
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: PrioritizeRecordData object name not found 1703395598
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: AllowUnqualifiedQuery object name not found 1703396307
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: AllowUnqualifiedQuery object name not found 1703397010
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: AppendToMultiLabelName object name not found 1703397765
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: ScreenBadTlds object name not found 1703398471
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: ScreenUnreachableServers object name not found 1703399177
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: FilterClusterIp object name not found 1703399882
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: WaitForNameErrorOnAll object name not found 1703400590
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: UseEdns object name not found 1703401326
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: QueryIpMatching object name not found 1703402031
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: UseHostsFile object name not found 1703402736
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: RegistrationEnabled object name not found 1703403439
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DisableDynamicUpdate object name not found 1703404145
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: RegisterPrimaryName object name not found 1703404889
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: RegisterAdapterName object name not found 1703405596
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: EnableAdapterDomainNameRegistration object name not found 1703406307
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: RegisterReverseLookup object name not found 1703407016
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DisableReverseAddressRegistrations object name not found 1703407723
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: RegisterWanAdapters object name not found 1703408467
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DisableWanDynamicUpdate object name not found 1703409175
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: RegistrationTtl object name not found 1703409883
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DefaultRegistrationTTL object name not found 1703410590
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: RegistrationRefreshInterval object name not found 1703411297
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DefaultRegistrationRefreshInterval object name not found 1703412041
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: RegistrationMaxAddressCount object name not found 1703412750
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: MaxNumberOfAddressesToRegister object name not found 1703413460
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: UpdateSecurityLevel object name not found 1703414167
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: UpdateSecurityLevel object name not found 1703414874
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: UpdateZoneExcludeFile object name not found 1703415621
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: UpdateTopLevelDomainZones object name not found 1703416328
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: DnsTest object name not found 1703417059
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: MaxCacheSize object name not found 1703417883
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: MaxCacheTtl object name not found 1703418632
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: MaxNegativeCacheTtl object name not found 1703419342
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: AdapterTimeoutLimit object name not found 1703420049
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: ServerPriorityTimeLimit object name not found 1703420755
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: MaxCachedSockets object name not found 1703421464
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: MulticastListenLevel object name not found 1703422198
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters Name: MulticastSendLevel object name not found 1703422903
    Key opened Path: HKEY_LOCAL_MACHINE\System\Setup Access: query value and read or execute success or wait 1703423643
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\Setup Name: SystemSetupInProgress success or wait 1703423920
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters Access: query value and read or execute success or wait 1703425142
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DnsQueryTimeouts object name not found 1703426104
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DnsQuickQueryTimeouts object name not found 1703426819
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DnsMulticastQueryTimeouts object name not found 1703427530
    System info queried Type: BasicInformation success or wait 1703429141
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\PagedBuffers Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1703429563
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703429847
    Key value queried Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc Name: MaxRpcSize object name not found 1703430159
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install_Digital-Access_v.9251.exe\RpcThreadPoolThrottle Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1703431105
    System time queried Time: 129134103397228480 success or wait 1703432224
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1703432873
    System info queried Type: PerformanceInformation success or wait 1703433133
    Key created Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters Access: query value and enumerate sub key and notify and read or execute and write and read control Options: non volatile success or wait 1703467782
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703468204
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1703468577
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: Hostname success or wait 1703468815
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: Hostname success or wait 1703469525
    Key created Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters Access: query value and enumerate sub key and notify and read or execute and write and read control Options: non volatile success or wait 1703473819
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703474162
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1703474486
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient Access: query value and read or execute object name not found 1703474763
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: Domain success or wait 1703475001
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: Domain success or wait 1703475750
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters Access: query value and read or execute success or wait 1703476854
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters Name: DnsNbtLookupOrder object name not found 1703477127
    Section created Access: map write and map read and map execute Protection: execute Attributes: commit Path: C:\WINDOWS\system32\winrnr.dll Type: commit Baseaddress: 00960000 Entrypoint: F7841A00 Mapped to pid: own pid Size: 4200 success or wait 1703478847
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\winrnr.dll Type: image Baseaddress: 76FB0000 Entrypoint: 76FB115D Mapped to pid: own pid Size: 8000 success or wait 1703481588
    Section opened Access: map write and map read and map execute Baseaddress: 76F60000 Size: 2C000 Mapped to pid: own pid Path: \KnownDlls\WLDAP32.dll success or wait 1703485747
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLDAP32.dll Access: generic read object name not found 1703490060
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703490649
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap Name: LdapClientIntegrity success or wait 1703490976
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrnr.dll Access: generic read object name not found 1703491951
    Performance counter queried Count: 1703492405 Frequency: 3579545 success or wait 1703492383
    System info queried Type: BasicInformation success or wait 1703493099
    Key opened Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Linkage Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1703745038
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage Name: Export buffer overflow 1703745852
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage Name: Export buffer overflow 1703746583
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage Name: Export success or wait 1703747261
    File overwritten Path: \Device\NetBT_Tcpip_{47A92F1D-762B-4D26-B738-80E5927050D1} Access: synchronize and generic execute Disposition: open if exists Options: no options Attributes: none success or wait 1703752816
    File overwritten Path: \Device\NetBT_Tcpip_{18A9CD70-4305-4C71-B17A-9770CD1408D4} Access: synchronize and generic execute Disposition: open if exists Options: no options Attributes: none success or wait 1703753362
    File overwritten Path: \Device\NetBT_Tcpip_{71174492-2DC9-4A53-90A5-5A404C91D131} Access: synchronize and generic execute Disposition: open if exists Options: no options Attributes: none object name not found 1703753789
    File overwritten Path: \Device\NetBT_Tcpip_{841AE918-5873-43F0-B832-8DB0F994E31E} Access: synchronize and generic execute Disposition: open if exists Options: no options Attributes: none object name not found 1703754215
    Key opened Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters Access: maximum allowed success or wait 1711816055
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: WinSock_Registry_Version success or wait 1711816658
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: WinSock_Registry_Version success or wait 1711817437
    Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters Name: AutodialDLL object name not found 1711818157
    Section opened Access: map write and map read and map execute Baseaddress: not known Size: not known Mapped to pid: own pid Path: \KnownDlls\rasadhlp.dll object name not found 1711819451
    Section created Access: query and map write and map read and map execute Protection: execute Attributes: image Path: C:\WINDOWS\system32\rasadhlp.dll Type: image Baseaddress: 76FC0000 Entrypoint: 76FC142F Mapped to pid: own pid Size: 6000 success or wait 1711821062
    Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasadhlp.dll Access: generic read object name not found 1711826856
    Performance counter queried Count: 1711827495 Frequency: 3579545 success or wait 1711827474
    File overwritten Path: \Device\RasAcd Access: read data or list directory and write data or add file Disposition: open if exists Options: no options Attributes: normal success or wait 1711828076
    Windows hook set Window Name: no string Class Name: no string success 1712634729
    Windows hook set Module: C:\WINDOWS\system32\MSCTF.dll TID: 1476 Hook ID: keyboard success 1712634964
    Windows hook set Module: C:\WINDOWS\system32\MSCTF.dll TID: 1476 Hook ID: mouse success 1712635176
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\SOFTWARE\Microsoft\CTF Access: maximum allowed success or wait 1712635521
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Microsoft\CTF Name: Disable Thread Input Manager object name not found 1712635912
    Windows hook set Window Name: 6.0.2600.5512!Button Class Name: no string success 1712637818
    Windows hook set Window Name: 6.0.2600.5512!Static Class Name: no string success 1712639165
    Windows hook set Window Name: 6.0.2600.5512!Static Class Name: no string success 1712646411
    Windows hook set Window Name: CicDUmmyWndForDefIMEWnd Class Name: CicDUmmyWndForDefIMEWnd success 1712647552
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\SOFTWARE\Microsoft\CTF Access: maximum allowed success or wait 1712934905
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Software\Microsoft\CTF Name: Disable Thread Input Manager object name not found 1712935465
    Windows hook set Window Name: MSCTFIME UI Class Name: MSCTFIME UI error 1712939063
    Windows found Window Name: no string Class Name: Shell_TrayWnd success 1713220086
    Section opened Access: query and map write and map read and map execute and extend size Baseaddress: 009F0000 Size: 1000 Mapped to pid: own pid Path: \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-220523388-1935655697-1343024091-1003 success or wait 1713501244
    Windows hook set Window Name: CicMarshalWndClass Class Name: CicMarshalWndClass success 1713505872
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Access: query value and enumerate sub key and notify and read or execute and write and read control success or wait 1713512559
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Name: Language Hotkey success or wait 1713512891
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Name: Language Hotkey success or wait 1713513597
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Name: Layout Hotkey success or wait 1713514274
    Key value queried Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\Keyboard Layout\Toggle Name: Layout Hotkey success or wait 1713514947
    Key opened Path: HKEY_USERS\S-1-5-21-220523388-1935655697-1343024091-1003\SOFTWARE\Microsoft\CTF\LangBarAddIn\ Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1713526106
    Key opened Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\ Access: query value and enumerate sub key and notify and read or execute and write and read control object name not found 1713526376
    Section created Access: query and map write and map read Protection: read write Attributes: commit Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMF..GIEDH Type: commit Baseaddress: 009F0000 Entrypoint: 0 Mapped to pid: own pid Size: 1000 success or wait 1713528602
    Section created Access: query and map write and map read Protection: read write Attributes: commit Path: \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EMF.B.BJEDH Type: commit Baseaddress: 00A00000 Entrypoint: 0 Mapped to pid: own pid Size: 1000 success or wait 1713554251
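Three things in the trace above read worse than they are if the report's vocabulary is taken literally. "buffer overflow" as a completion (the two NetBT\Linkage Export queries) is the NTSTATUS STATUS_BUFFER_OVERFLOW, a warning that the caller's output buffer was too small; the third query succeeds, which is the ordinary size-probe-then-retry loop of a registry reader, not a memory-corruption event. The keyboard and mouse hooks are set by C:\WINDOWS\system32\MSCTF.dll on the process's own thread (TID 1476); that is the Text Services Framework doing what it does in every GUI process and is not, by itself, evidence of keylogging. The four "File overwritten" entries on \Device\NetBT_Tcpip_{...} carry Disposition "open if exists", i.e. the handles were opened, not overwritten, consistent with the NetBIOS name-service traffic in the network section. The Python below is an editor's added example, not code from the Joebox report: it parses lines in this chronological format and applies those three readings. The sample lines are copied from the trace above except the last, a constructed contrast case (C:\dropped\evil.dll, TID 0) that does not occur in this report; the label list, the system32 path and the meaning of TID 0 as a global hook are assumptions drawn from these lines.

```python
import re

# Completion tokens as the report renders them, the NTSTATUS each stands for, and
# whether the call actually failed. "buffer overflow" is STATUS_BUFFER_OVERFLOW
# (0x80000005): the caller's output buffer was too small, so it resizes and retries.
# It is a warning code, not a memory-corruption bug.
STATUS_MAP = {
    "success or wait": ("STATUS_SUCCESS", False),
    "success": ("STATUS_SUCCESS", False),
    "object name not found": ("STATUS_OBJECT_NAME_NOT_FOUND", True),
    "buffer overflow": ("STATUS_BUFFER_OVERFLOW", False),
    "error": ("unspecified failure", True),
}

# Field labels seen in this trace (assumed complete only for the lines on this page),
# longest first so "Window Name" / "Class Name" are never split at the inner "Name".
LABELS = ["Mapped to pid", "Window Name", "Class Name", "Baseaddress", "Disposition",
          "Entrypoint", "Attributes", "Protection", "Frequency", "Hook ID", "Options",
          "Module", "Access", "Count", "Path", "Name", "Size", "TID", "Type"]
LABEL_RE = re.compile(r"\s*(" + "|".join(map(re.escape, LABELS)) + r"): ")
TAIL_RE = re.compile(r"^(?P<body>.*?)\s+(?P<status>" + "|".join(map(re.escape, STATUS_MAP))
                     + r")\s+(?P<ts>\d+)$")

SYSTEM32 = "c:\\windows\\system32\\"          # assumed install root, as on this XP image
TSF_MODULES = {"msctf.dll"}  # Text Services Framework hooks keyboard/mouse in every GUI thread


def parse_line(line):
    """Split one chronological line into operation, labelled fields, completion, timestamp."""
    m = TAIL_RE.match(line.strip())
    if not m:
        return None
    parts = LABEL_RE.split(m.group("body"))
    fields = {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}
    ntstatus, failed = STATUS_MAP[m.group("status")]
    return {"op": parts[0].strip(), "fields": fields, "status": m.group("status"),
            "ntstatus": ntstatus, "failed": failed, "ts": int(m.group("ts"))}


def parse_trace(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def classify_hook(ev):
    """Verdict for a 'Windows hook set' event that names a module and hook type."""
    f = ev["fields"]
    hook, module, tid = f.get("Hook ID", "").lower(), f.get("Module", "").lower(), f.get("TID", "")
    if not hook.startswith(("keyboard", "mouse")):
        return "info", f"{hook or 'unknown'} hook: not an input hook"
    scope = "global (TID 0)" if tid == "0" else f"thread {tid}"   # TID 0 assumed to mean all threads
    if module.startswith(SYSTEM32) and module[len(SYSTEM32):] in TSF_MODULES:
        return "expected", f"{hook} hook by MSCTF.dll on {scope}: Text Services Framework baseline"
    return "review", f"{hook} hook by {module or 'unknown module'} on {scope}: candidate keylogger"


def size_probe_retries(events):
    """STATUS_BUFFER_OVERFLOW runs on the same op/Path/Name that end in success are the
    ordinary resize-and-retry loop of registry readers; list them so nobody alerts on them."""
    found, run = [], None
    for ev in events:
        key = (ev["op"], ev["fields"].get("Path"), ev["fields"].get("Name"))
        if ev["status"] == "buffer overflow":
            run = (key, run[1] + 1) if run and run[0] == key else (key, 1)
        elif run and run[0] == key and not ev["failed"]:
            found.append({"op": key[0], "path": key[1], "name": key[2], "retries": run[1]})
            run = None
        else:
            run = None
    return found


def triage(text):
    events = parse_trace(text)
    hooks = [classify_hook(ev) for ev in events
             if ev["op"] == "Windows hook set" and "Hook ID" in ev["fields"]]
    return {"events": len(events), "failed": sum(ev["failed"] for ev in events),
            "retries": size_probe_retries(events), "hooks": hooks}


# Sample input: lines copied from the trace above, plus one constructed contrast
# line (the last) that does not occur in this report.
SAMPLE = r"""
Key opened Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLDAP32.dll Access: generic read object name not found 1703490060
Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage Name: Export buffer overflow 1703745852
Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage Name: Export buffer overflow 1703746583
Key value queried Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage Name: Export success or wait 1703747261
File overwritten Path: \Device\NetBT_Tcpip_{47A92F1D-762B-4D26-B738-80E5927050D1} Access: synchronize and generic execute Disposition: open if exists Options: no options Attributes: none success or wait 1703752816
Windows hook set Module: C:\WINDOWS\system32\MSCTF.dll TID: 1476 Hook ID: keyboard success 1712634964
Windows hook set Module: C:\WINDOWS\system32\MSCTF.dll TID: 1476 Hook ID: mouse success 1712635176
Windows hook set Module: C:\dropped\evil.dll TID: 0 Hook ID: keyboard success 1712635300
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

The point of the hook rule is the baseline, not the allow-list: a keyboard hook whose module is the sample itself, a dropped DLL, or an unnamed module with TID 0 is what would distinguish a keylogger from the MSCTF.dll entries above, and the parsed Disposition field is what shows the NetBT entries to be opens.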
    Analysis File: smss.exe PID: 368 Parent PID: 1040 Run ID: 0
    Sections
    General
    Start time: 19:25:39
    Start date: 18/03/2010
    Path: C:\WINDOWS\system32\smss.exe
    File size: 50688 bytes
    MD5 hash: 5F816C1F539266D2D4C78694239DA0B5
    File Activities:
    File opened
    File Path Access Options Completion Count
    File created
    File Path Access Attributes Options Completion Count
    File overwritten
    File Path Access Options Completion Count
    File deleted
    File Path Completion Count
    File renamed
    Old File Path New File Path Completion Count
    File written
    File Path Completion Count
    Other file operations
    File Path Disposition Data Completion Count
    Section Activities:
    Section opened
    File Path Access Base Entrypoint Size Mapped to pid Completion Count
    Section created
    File Path Access Attributes Base Entrypoint Size Protection Mapped to pid Completion Count
    Registry Activities:
    Key opened
    Key Path Access Completion Count
    Key created
    Key Path Access Options Completion Count
    Key deleted
    Key Path Completion Count
    Key value deleted
    Key Path Key Value Name Completion Count
    Key value set
    Key Path Name Type Data Completion Count
    Key value replaced with new
    Key Path Name Type Old Data New Data Completion Count
    Key value replaced with same
    Key Path Name Type Data Completion Count
    Key value queried
    Key Path Name Completion Count
    Mutant Activities:
    Mutant opened
    Name Completion Count
    Mutant created
    Name Completion Count
    Mutant released
    Name Completion Count
    Process Activities:
    Process started
    PID Access Flags System Completion Count
    Process opened
    PID Access Filename Cmdline Completion Count
    Process suspended
    PID Filename Cmdline Completion Count
    Process terminated
    PID Filename Cmdline Completion Count
    Thread Activities:
    Thread opened
    TID PID Access Completion Count
    Thread created
    TID PID Process Path Cmdline Access Completion Count
    Thread queued
    TID PID Completion Count
    Thread set
    TID PID Completion Count
    Thread delayed
    TID Delay Completion Count
    Thread terminated
    TID PID Completion Count
    Memory Activities:
    Memory read
    PID Filename Cmdline Base Completion Count
    Memory written
    PID Filename Cmdline Base Completion Count
    Driver Activities:
    Driver loaded
    Service name path Completion Count
    Driver unloaded
    Service name path Completion Count
    System Activities:
    System information set
    System info class Data Completion Count
    System information queried
    System info class Completion Count
    Time Activities:
    Performance counter queried
    Count Frequency Completion Count
    System resolution queried
    Minimum resolution Maximum resolution Current resolution Completion Count
    System time queried
    Time Completion Count
    User Activities:
    Window created
    Window name Class name Completion Count
    Window found
    Window name Class name Completion Count
    Window hook set
    Module Thread id Hook code Completion Count
    Key async got
    Virtual key code Key state Count
    Keyboard state got
    Completion Count
    Key state got
    Virtual key code State Count
    Debug Activities:
    System debug info set
    Debug info class Input data Output data Completion Count
    Exception Activities:
    Exception raised
    Exception code Address Completion Count
    Chronological sections
    Operation Data Completion Time
    Network Data
    All TCP, UDP, ICMP
    Timestamp                        Source Port  Dest Port  Source IP      Dest IP          Protocol
    Mar 18, 2010 19:25:39.747534000  64022        53         192.168.111.6  192.168.111.1    udp
    Mar 18, 2010 19:25:39.821335000  137          137        192.168.111.6  192.168.111.255  udp
    Mar 18, 2010 19:25:40.563605000  137          137        192.168.111.6  192.168.111.255  udp
    Mar 18, 2010 19:25:41.314560000  137          137        192.168.111.6  192.168.111.255  udp
    DNS
    Timestamp                        Source IP      Dest IP        Type   Data
    Mar 18, 2010 19:25:39.747534000  192.168.111.6  192.168.111.1  Query  shellupdate.com: type A, class IN
    HTTP
    Timestamp Source IP Dest IP Data
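The network section records four outbound flows from the sandbox host 192.168.111.6: one DNS A query for shellupdate.com to the gateway, then three NetBIOS name-service broadcasts on UDP 137 to 192.168.111.255 spaced about 0.75 s apart, which matches the XP NetBT defaults (BcastNameQueryCount 3, BcastNameQueryTimeout 750 ms) and is the pattern of the resolver falling back to NetBIOS after a name lookup it could not complete. No answer row appears in the table, so whether shellupdate.com resolved, and whether any HTTP followed, cannot be read from this page; the domain is an indicator to watch, not a confirmed contact. The Python below is an editor's added example, not part of the Joebox report: it parses the two tables in this format, separates the NBNS retry noise from the DNS lookup, and emits a Suricata rule for the queried name. The sample text is copied from the tables above; the Suricata 5+ keyword syntax, the sid range and the five-second fallback window are assumptions.

```python
import re
from datetime import datetime

# One row of the "All TCP, UDP, ICMP" table and the "Query ..." cell of the DNS table.
FLOW_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+)\s+"
                     r"(?P<sport>\d+)\s+(?P<dport>\d+)\s+(?P<src>[\d.]+)\s+(?P<dst>[\d.]+)\s+(?P<proto>\w+)$")
DNS_RE = re.compile(r"Query (?P<qname>[^\s:]+): type (?P<qtype>\w+), class (?P<qclass>\w+)")


def parse_ts(s):
    """The report prints nanoseconds; datetime takes at most microseconds, so truncate."""
    head, frac = s.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_flows(text):
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"], d["sport"], d["dport"] = parse_ts(d["ts"]), int(d["sport"]), int(d["dport"])
            flows.append(d)
    return flows


def dns_queries(text):
    return [m.groupdict() for m in DNS_RE.finditer(text)]


def is_nbns_broadcast(flow):
    """NetBIOS name-service query: UDP 137 -> 137 to the subnet broadcast address."""
    return (flow["proto"] == "udp" and flow["sport"] == 137 and flow["dport"] == 137
            and flow["dst"].endswith(".255"))


def suricata_dns_rule(qname, sid):
    """Suricata (5+ keyword syntax) rule for any DNS query naming qname; sid is a placeholder."""
    return (f'alert dns any any -> any any (msg:"Sandbox IOC: DNS query for {qname}"; '
            f'dns.query; content:"{qname}"; nocase; sid:{sid}; rev:1;)')


def triage(text):
    flows = parse_flows(text)
    nbns = [f for f in flows if is_nbns_broadcast(f)]
    dns = [f for f in flows if f["dport"] == 53]
    gaps = [round((b["ts"] - a["ts"]).total_seconds(), 3) for a, b in zip(nbns, nbns[1:])]
    # Heuristic (assumed window): NBNS broadcasts starting within 5 s of a DNS query look
    # like the XP resolver's fallback after an unanswered lookup; confirm against the pcap.
    fallback = bool(dns and nbns and 0 <= (nbns[0]["ts"] - dns[0]["ts"]).total_seconds() < 5)
    return {
        "dns_flows": len(dns),
        "nbns_broadcasts": len(nbns),
        "nbns_gaps_s": gaps,
        "looks_like_dns_fallback": fallback,
        "unexplained_flows": [f for f in flows if f not in nbns and f not in dns],
        "rules": [suricata_dns_rule(q["qname"], 9000001 + i) for i, q in enumerate(dns_queries(text))],
    }


# Sample input: the rows of the two network tables above, copied verbatim.
SAMPLE = """\
Mar 18, 2010 19:25:39.747534000 64022 53 192.168.111.6 192.168.111.1 udp
Mar 18, 2010 19:25:39.821335000 137 137 192.168.111.6 192.168.111.255 udp
Mar 18, 2010 19:25:40.563605000 137 137 192.168.111.6 192.168.111.255 udp
Mar 18, 2010 19:25:41.314560000 137 137 192.168.111.6 192.168.111.255 udp
Mar 18, 2010 19:25:39.747534000 192.168.111.6 192.168.111.1 Query shellupdate.com: type A, class IN
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Anything left in "unexplained_flows" after the NBNS and DNS rows are accounted for is what deserves a second look; for this report that list is empty, so the only network indicator the page supports is the DNS name itself.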
    Copyright 2010 Joe Security | All rights reserved