=================================== REGISTRY & FILE I/O Monitoring: C:\TcpAdaptorService.exe (EXEC) ==================================
30:55.1,Thread Create,,SUCCESS,Thread ID: 3364
30:55.1,QueryNameInformationFile,C:\TcpAdaptorService.exe,SUCCESS,Name: \TcpAdaptorService.exe
30:55.1,Load Image,C:\TcpAdaptorService.exe,SUCCESS,"Image Base: 0x400000, Image Size: 0x14000"
30:55.1,Load Image,C:\WINDOWS\System32\ntdll.dll,SUCCESS,"Image Base: 0x7c940000, Image Size: 0x9c000"
30:55.1,QueryNameInformationFile,C:\TcpAdaptorService.exe,SUCCESS,Name: \TcpAdaptorService.exe
30:55.1,CreateFile,C:\WINDOWS\Prefetch\TCPADAPTORSERVICE.EXE-14C2CEA3.pf,NAME NOT FOUND,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a"
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TcpAdaptorService.exe,NAME NOT FOUND,Desired Access: Read
30:55.1,CreateFile,C:\,SUCCESS,"Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
30:55.1,FileSystemControl,C:\,SUCCESS,Control: FSCTL_IS_VOLUME_MOUNTED
30:55.1,CreateFile,C:\TcpAdaptorService.exe.Local,NAME NOT FOUND,"Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
30:55.1,Load Image,C:\WINDOWS\System32\KERNEL32.DLL,SUCCESS,"Image Base: 0x7c800000, Image Size: 0x133000"
30:55.1,RegOpenKey,HKLM\System\CurrentControlSet\Control\Terminal Server,SUCCESS,Desired Access: Read
30:55.1,RegQueryValue,HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
30:55.1,RegCloseKey,HKLM\System\CurrentControlSet\Control\Terminal Server,SUCCESS,
30:55.1,Load Image,C:\WINDOWS\System32\ADVAPI32.DLL,SUCCESS,"Image Base: 0x77d80000, Image Size: 0xa9000"
30:55.1,Load Image,C:\WINDOWS\System32\RPCRT4.DLL,SUCCESS,"Image Base: 0x77e30000, Image Size: 0x92000"
30:55.1,Load Image,C:\WINDOWS\System32\SECUR32.DLL,SUCCESS,"Image Base: 0x77fa0000, Image Size: 0x11000"
30:55.1,CreateFile,C:\PSAPI.DLL,NAME NOT FOUND,"Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
30:55.1,CreateFile,C:\WINDOWS\system32\psapi.dll,SUCCESS,"Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
30:55.1,QueryBasicInformationFile,C:\WINDOWS\system32\psapi.dll,SUCCESS,"CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/02/01 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
30:55.1,CloseFile,C:\WINDOWS\system32\psapi.dll,SUCCESS,
30:55.1,CreateFile,C:\WINDOWS\system32\psapi.dll,SUCCESS,"Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
30:55.1,CreateFileMapping,C:\WINDOWS\system32\psapi.dll,SUCCESS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
30:55.1,CreateFileMapping,C:\WINDOWS\SYSTEM32\PSAPI.DLL,SUCCESS,SyncType: SyncTypeOther
30:55.1,RegOpenKey,HKLM\System\CurrentControlSet\Control\SafeBoot\Option,NAME NOT FOUND,"Desired Access: Query Value, Set Value"
30:55.1,RegOpenKey,HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers,SUCCESS,Desired Access: Query Value
30:55.1,RegQueryValue,HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
30:55.1,RegCloseKey,HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers,SUCCESS,
30:55.1,RegOpenKey,HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers,NAME NOT FOUND,Desired Access: Query Value
30:55.1,CloseFile,C:\WINDOWS\system32\psapi.dll,SUCCESS,
30:55.1,Load Image,C:\WINDOWS\System32\PSAPI.DLL,SUCCESS,"Image Base: 0x76ba0000, Image Size: 0xb000"
30:55.1,CreateFile,C:\WS2_32.dll,NAME NOT FOUND,"Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
30:55.1,CreateFile,C:\WINDOWS\system32\ws2_32.dll,SUCCESS,"Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
30:55.1,QueryBasicInformationFile,C:\WINDOWS\system32\ws2_32.dll,SUCCESS,"CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/02/01 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
30:55.1,CloseFile,C:\WINDOWS\system32\ws2_32.dll,SUCCESS,
30:55.1,CreateFile,C:\WINDOWS\system32\ws2_32.dll,SUCCESS,"Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
30:55.1,CreateFileMapping,C:\WINDOWS\system32\ws2_32.dll,SUCCESS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
30:55.1,CreateFileMapping,C:\WINDOWS\SYSTEM32\WS2_32.DLL,SUCCESS,SyncType: SyncTypeOther
30:55.1,CloseFile,C:\WINDOWS\system32\ws2_32.dll,SUCCESS,
30:55.1,Load Image,C:\WINDOWS\System32\WS2_32.DLL,SUCCESS,"Image Base: 0x719e0000, Image Size: 0x17000"
30:55.1,Load Image,C:\WINDOWS\System32\MSVCRT.DLL,SUCCESS,"Image Base: 0x77bc0000, Image Size: 0x58000"
30:55.1,CreateFile,C:\WS2HELP.dll,NAME NOT FOUND,"Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
30:55.1,CreateFile,C:\WINDOWS\system32\ws2help.dll,SUCCESS,"Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
30:55.1,QueryBasicInformationFile,C:\WINDOWS\system32\ws2help.dll,SUCCESS,"CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/02/01 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
30:55.1,CloseFile,C:\WINDOWS\system32\ws2help.dll,SUCCESS,
30:55.1,CreateFile,C:\WINDOWS\system32\ws2help.dll,SUCCESS,"Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
30:55.1,CreateFileMapping,C:\WINDOWS\system32\ws2help.dll,SUCCESS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
30:55.1,CreateFileMapping,C:\WINDOWS\SYSTEM32\WS2HELP.DLL,SUCCESS,SyncType: SyncTypeOther
30:55.1,CloseFile,C:\WINDOWS\system32\ws2help.dll,SUCCESS,
30:55.1,Load Image,C:\WINDOWS\System32\WS2HELP.DLL,SUCCESS,"Image Base: 0x719d0000, Image Size: 0x8000"
30:55.1,RegOpenKey,HKLM\System\CurrentControlSet\Control\Terminal Server,SUCCESS,Desired Access: Read
30:55.1,RegQueryValue,HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
30:55.1,RegCloseKey,HKLM\System\CurrentControlSet\Control\Terminal Server,SUCCESS,
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\System\CurrentControlSet\Control\Terminal Server,SUCCESS,Desired Access: Read
30:55.1,RegQueryValue,HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
30:55.1,RegQueryValue,HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
30:55.1,RegCloseKey,HKLM\System\CurrentControlSet\Control\Terminal Server,SUCCESS,
30:55.1,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,SUCCESS,Desired Access: Read
30:55.1,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack,NAME NOT FOUND,Length: 144
30:55.1,RegCloseKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,SUCCESS,
30:55.1,RegOpenKey,HKLM,SUCCESS,Desired Access: Maximum Allowed
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSAPI.DLL,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll,NAME NOT FOUND,Desired Access: Read
30:55.1,RegOpenKey,HKLM\System\CurrentControlSet\Control\ServiceCurrent,SUCCESS,Desired Access: Query Value
30:55.1,RegQueryValue,HKLM\System\CurrentControlSet\Control\ServiceCurrent\(Default),SUCCESS,"Type: REG_DWORD, Length: 4, Data: 14"
30:55.1,RegCloseKey,HKLM\System\CurrentControlSet\Control\ServiceCurrent,SUCCESS,
31:10.1,RegOpenKey,HKLM\Software\Microsoft\Rpc\PagedBuffers,NAME NOT FOUND,Desired Access: Read
31:10.1,RegOpenKey,HKLM\Software\Microsoft\Rpc,SUCCESS,Desired Access: Read
31:10.1,RegQueryValue,HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize,NAME NOT FOUND,Length: 144
31:10.1,RegCloseKey,HKLM\SOFTWARE\Microsoft\Rpc,SUCCESS,
31:10.1,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TcpAdaptorService.exe\RpcThreadPoolThrottle,NAME NOT FOUND,Desired Access: Read
31:10.1,RegOpenKey,HKLM\Software\Policies\Microsoft\Windows NT\Rpc,NAME NOT FOUND,Desired Access: Read
31:10.1,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,Desired Access: Query Value
31:10.1,RegQueryValue,HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode,NAME NOT FOUND,Length: 16
31:10.1,RegCloseKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,
31:10.1,RegSetValue,HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed,SUCCESS,"Type: REG_BINARY, Length: 80, Data: 0D 11 81 18 98 14 E6 59 8D E7 21 3B EF F3 C6 79"
31:10.3,SetEndOfFileInformationFile,C:\WINDOWS\system32\config\software.LOG,SUCCESS,"EndOfFile: 8,192"
31:10.3,SetEndOfFileInformationFile,C:\WINDOWS\system32\config\software.LOG,SUCCESS,"EndOfFile: 8,192"
31:10.3,Thread Exit,,SUCCESS,"Thread ID: 3364, User Time: 0.0000000, Kernel Time: 0.0000000"
31:10.3,Process Exit,,SUCCESS,"Exit Status: 0, User Time: 0.0156250 seconds, Kernel Time: 0.0000000 seconds, Private Bytes: 278,528, Peak Private Bytes: 282,624, Working Set: 1,175,552, Peak Working Set: 1,179,648"
31:10.3,CloseFile,C:\,SUCCESS,