
Untitled

a guest
Jul 3rd, 2022
  1. Time of Day,"Process Name","PID","Operation","Path","Result","Detail"
  2. 9:28:25,6880077,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80"
  3. 9:28:25,6881378,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value"
  4. 9:28:25,6882959,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
  5. 9:28:25,6900255,"PsExec.exe","8044","CreateFile","C:\Windows\System32\wow64log.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  6. 9:28:25,6906912,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\PsExec.exe","NAME NOT FOUND","Length: 520"
  7. 9:28:25,6917203,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80"
  8. 9:28:25,6918532,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value"
  9. 9:28:25,6920339,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
  10. 9:28:25,6949908,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 528"
  11. 9:28:25,6952104,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 528"
  12. 9:28:25,6956716,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
  13. 9:28:25,6958054,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read"
  14. 9:28:25,6960301,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80"
  15. 9:28:25,6961132,"PsExec.exe","8044","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
  16. 9:28:25,6965029,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LPGO","NAME NOT FOUND","Length: 20"
  17. 9:28:25,6975419,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
  18. 9:28:25,6981142,"PsExec.exe","8044","CreateFile","C:\Windows\NETAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  19. 9:28:25,6981234,"PsExec.exe","8044","CreateFile","C:\Windows\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  20. 9:28:25,6992139,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\netapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  21. 9:28:25,6992297,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  22. 9:28:25,6993805,"PsExec.exe","8044","CreateFile","C:\Windows\MPR.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  23. 9:28:25,6993848,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  24. 9:28:25,6994521,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  25. 9:28:25,6995712,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  26. 9:28:25,6996815,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  27. 9:28:25,7002738,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\mpr.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  28. 9:28:25,7004776,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  29. 9:28:25,7006736,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  30. 9:28:25,7007884,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
  31. 9:28:25,7042731,"PsExec.exe","8044","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  32. 9:28:25,7047450,"PsExec.exe","8044","CreateFile","C:\Windows\PsExec.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  33. 9:28:25,7059551,"PsExec.exe","8044","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  34. 9:28:25,7061871,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  35. 9:28:25,7063635,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  36. 9:28:25,7069830,"PsExec.exe","8044","CreateFile","C:\Windows\NETUTILS.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  37. 9:28:25,7079678,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\netutils.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  38. 9:28:25,7081540,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  39. 9:28:25,7083240,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  40. 9:28:25,7099687,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1","NAME NOT FOUND","Length: 528"
  41. 9:28:25,7106695,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\5eb60b36-6206-5538-e60a-0a7af8a1e59d","NAME NOT FOUND","Length: 528"
  42. 9:28:25,7112655,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 20"
  43. 9:28:25,7115133,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 20"
  44. 9:28:25,7118003,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 16"
  45. 9:28:25,7121371,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
  46. 9:28:25,7121905,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\AppModel\Lookaside\Packages","NAME NOT FOUND","Desired Access: Read"
  47. 9:28:25,7122775,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
  48. 9:28:25,7126037,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole\Tracing","NAME NOT FOUND","Desired Access: Read"
  49. 9:28:25,7127370,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528"
  50. 9:28:25,7129043,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528"
  51. 9:28:25,7131472,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c7e09e2a-c663-5399-af79-2fccd321d19a","NAME NOT FOUND","Length: 528"
  52. 9:28:25,7133116,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  53. 9:28:25,7149724,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  54. 9:28:25,7165574,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","NAME NOT FOUND","Desired Access: Read"
  55. 9:28:25,7166974,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 528"
  56. 9:28:25,7170879,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  57. 9:28:25,7171878,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
  58. 9:28:25,7173000,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
  59. 9:28:25,7173683,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  60. 9:28:25,7174532,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
  61. 9:28:25,7175444,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
  62. 9:28:25,7177094,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
  63. 9:28:25,7178286,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Read"
  64. 9:28:25,7179086,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  65. 9:28:25,7179736,"PsExec.exe","8044","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  66. 9:28:25,7180876,"PsExec.exe","8044","RegQueryValue","HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 20"
  67. 9:28:25,7183744,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32\PsExec","NAME NOT FOUND","Length: 172"
  68. 9:28:25,7184568,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read"
  69. 9:28:25,7192600,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
  70. 9:28:25,7193268,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
  71. 9:28:25,7195936,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language\InstallLanguageFallback","BUFFER OVERFLOW","Length: 16"
  72. 9:28:25,7196757,"PsExec.exe","8044","RegOpenKey","HKLM\OSDATA\System\CurrentControlSet\Control\MUI\UILanguages","NAME NOT FOUND","Desired Access: Read"
  73. 9:28:25,7202492,"PsExec.exe","8044","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\ru-RU","NO MORE ENTRIES","Index: 4, Length: 512"
  74. 9:28:25,7202872,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\ru-RU\AlternateCodePage","NAME NOT FOUND","Length: 12"
  75. 9:28:25,7203529,"PsExec.exe","8044","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","NO MORE ENTRIES","Index: 1, Length: 512"
  76. 9:28:25,7204678,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","NAME NOT FOUND","Desired Access: Read"
  77. 9:28:25,7205685,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
  78. 9:28:25,7207457,"PsExec.exe","8044","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read"
  79. 9:28:25,7209303,"PsExec.exe","8044","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
  80. 9:28:25,7210947,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
  81. 9:28:25,7212941,"PsExec.exe","8044","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  82. 9:28:25,7215580,"PsExec.exe","8044","RegEnumValue","HKCU\Control Panel\Desktop\LanguageConfiguration","NO MORE ENTRIES","Index: 1, Length: 512"
  83. 9:28:25,7216920,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
  84. 9:28:25,7218810,"PsExec.exe","8044","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  85. 9:28:25,7221031,"PsExec.exe","8044","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","BUFFER OVERFLOW","Length: 12"
  86. 9:28:25,7223026,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
  87. 9:28:25,7225764,"PsExec.exe","8044","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12"
  88. 9:28:25,7233359,"PsExec.exe","8044","CreateFile","C:\Windows\SysWOW64\edgegdi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  89. 9:28:25,7239090,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs","NAME NOT FOUND","Length: 16"
  90. 9:28:25,7248874,"PsExec.exe","8044","CreateFileMapping","C:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
  91. 9:28:25,7250713,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  92. 9:28:25,7252625,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  93. 9:28:25,7261966,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
  94. 9:28:25,7275911,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ca967c75-04bf-40b5-9a16-98b5f9332a92","NAME NOT FOUND","Length: 528"
  95. 9:28:25,7278117,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b6fd710b-f783-4b1c-ab9c-c68099dcc0c7","NAME NOT FOUND","Length: 528"
  96. 9:28:25,7279875,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c1376338-0984-48b8-b933-9c7d779fd84d","NAME NOT FOUND","Length: 528"
  97. 9:28:25,7292990,"PsExec.exe","8044","CreateFileMapping","C:\Program Files\Agnitum\Outpost Firewall Pro\machine.ini","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
  98. 9:28:25,7297947,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ru-RU","NAME NOT FOUND","Length: 532"
  99. 9:28:25,7299866,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ru-RU","NAME NOT FOUND","Length: 532"
  100. 9:28:25,7304569,"PsExec.exe","8044","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
  101. 9:28:25,7308782,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\ru-RU","NAME NOT FOUND","Length: 90"
  102. 9:28:25,7335843,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  103. 9:28:25,7345851,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528"
  104. 9:28:25,7347445,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528"
  105. 9:28:25,7348508,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  106. 9:28:25,7355392,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Sysinternals","NAME NOT FOUND","Desired Access: Query Value"
  107. 9:28:25,7357647,"PsExec.exe","8044","RegQueryValue","HKCU\SOFTWARE\Sysinternals\EulaAccepted","NAME NOT FOUND","Length: 16"
  108. 9:28:25,7373960,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Sysinternals","NAME NOT FOUND","Desired Access: Query Value"
  109. 9:28:25,7375677,"PsExec.exe","8044","RegQueryValue","HKCU\SOFTWARE\Sysinternals\EulaAccepted","NAME NOT FOUND","Length: 16"
  110. 9:28:25,7392511,"PsExec.exe","8044","CreateFile","C:\Windows\LOGONCLI.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  111. 9:28:25,7402102,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\logoncli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  112. 9:28:25,7406052,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  113. 9:28:25,7407959,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  114. 9:28:25,7429081,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters","NAME NOT FOUND","Desired Access: Query Value"
  115. 9:28:25,7431516,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DCLocatorLdapConnectionCacheEnabled","NAME NOT FOUND","Length: 16"
  116. 9:28:25,7436614,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","BUFFER OVERFLOW","Length: 16"
  117. 9:28:25,7438903,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\37923DCE-3B65DE3D","NAME NOT FOUND","Desired Access: Read"
  118. 9:28:25,7439755,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\37923DCE","NAME NOT FOUND","Desired Access: Read"
  119. 9:28:25,7440473,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Callout","BUFFER OVERFLOW","Length: 12"
  120. 9:28:25,7444047,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\0000001B","NAME NOT FOUND","Desired Access: Read"
  121. 9:28:25,7447247,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  122. 9:28:25,7449721,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  123. 9:28:25,7451713,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  124. 9:28:25,7453916,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  125. 9:28:25,7455993,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  126. 9:28:25,7458774,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  127. 9:28:25,7461249,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  128. 9:28:25,7463097,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  129. 9:28:25,7465052,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  130. 9:28:25,7467074,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  131. 9:28:25,7469367,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  132. 9:28:25,7471334,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  133. 9:28:25,7473020,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  134. 9:28:25,7474990,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  135. 9:28:25,7476826,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  136. 9:28:25,7478543,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  137. 9:28:25,7480273,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  138. 9:28:25,7482564,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  139. 9:28:25,7484559,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  140. 9:28:25,7488968,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\0000001A","NAME NOT FOUND","Desired Access: Read"
  141. 9:28:25,7492328,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","BUFFER OVERFLOW","Length: 12"
  142. 9:28:25,7494387,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
  143. 9:28:25,7496374,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\AddressFamily","NAME NOT FOUND","Length: 16"
  144. 9:28:25,7500794,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","BUFFER OVERFLOW","Length: 12"
  145. 9:28:25,7502584,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\AddressFamily","NAME NOT FOUND","Length: 16"
  146. 9:28:25,7507620,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","BUFFER OVERFLOW","Length: 12"
  147. 9:28:25,7509735,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\AddressFamily","NAME NOT FOUND","Length: 16"
  148. 9:28:25,7513770,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString","BUFFER OVERFLOW","Length: 12"
  149. 9:28:25,7515565,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\AddressFamily","NAME NOT FOUND","Length: 16"
  150. 9:28:25,7520082,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString","BUFFER OVERFLOW","Length: 12"
  151. 9:28:25,7521679,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\AddressFamily","NAME NOT FOUND","Length: 16"
  152. 9:28:25,7525994,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString","BUFFER OVERFLOW","Length: 12"
  153. 9:28:25,7527869,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\AddressFamily","NAME NOT FOUND","Length: 16"
  154. 9:28:25,7532233,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\DisplayString","BUFFER OVERFLOW","Length: 12"
  155. 9:28:25,7534192,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\AddressFamily","NAME NOT FOUND","Length: 16"
  156. 9:28:25,7538342,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\DisplayString","BUFFER OVERFLOW","Length: 12"
  157. 9:28:25,7540072,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\AddressFamily","NAME NOT FOUND","Length: 16"
  158. 9:28:25,7545268,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32NumHandleBuckets","NAME NOT FOUND","Length: 16"
  159. 9:28:25,7545611,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32SpinCount","NAME NOT FOUND","Length: 16"
  160. 9:28:25,7556165,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\PrxerNsp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  161. 9:28:25,7557852,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  162. 9:28:25,7559506,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  163. 9:28:25,7570879,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
  164. 9:28:25,7593503,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\mswsock.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  165. 9:28:25,7595573,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  166. 9:28:25,7597449,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  167. 9:28:25,7613041,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\DisableSockPollConnFailureReturn","NAME NOT FOUND","Length: 16"
  168. 9:28:25,7624536,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\dnsapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  169. 9:28:25,7626136,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  170. 9:28:25,7627947,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  171. 9:28:25,7641684,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\9ca335ed-c0a6-4b4d-b084-9c9b5143aff0","NAME NOT FOUND","Length: 528"
  172. 9:28:25,7643356,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  173. 9:28:25,7652162,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\IPHLPAPI.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  174. 9:28:25,7654029,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  175. 9:28:25,7655809,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  176. 9:28:25,7675192,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","NAME NOT FOUND","Desired Access: Read"
  177. 9:28:25,7687850,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
  178. 9:28:25,7688476,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
  179. 9:28:25,7696001,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
  180. 9:28:25,7696445,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
  181. 9:28:25,7704058,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
  182. 9:28:25,7705975,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","NAME NOT FOUND","Desired Access: Query Value"
  183. 9:28:25,7706449,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain","BUFFER OVERFLOW","Length: 12"
  184. 9:28:25,7717363,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\NapiNSP.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  185. 9:28:25,7719248,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  186. 9:28:25,7720837,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  187. 9:28:25,7739134,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 16"
  188. 9:28:25,7740839,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read"
  189. 9:28:25,7741916,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read"
  190. 9:28:25,7743175,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  191. 9:28:25,7746259,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"
  192. 9:28:25,7749399,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow","NAME NOT FOUND","Length: 16"
  193. 9:28:25,7764989,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\pnrpnsp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  194. 9:28:25,7766705,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  195. 9:28:25,7768504,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  196. 9:28:25,7790752,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\wshbth.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  197. 9:28:25,7792637,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  198. 9:28:25,7794418,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  199. 9:28:25,7814113,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\nlaapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  200. 9:28:25,7815920,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  201. 9:28:25,7817604,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  202. 9:28:25,7830429,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\6ff5771a-f64e-473f-a2e8-4654c218ff3a","NAME NOT FOUND","Length: 528"
  203. 9:28:25,7832097,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  204. 9:28:25,7841244,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\winrnr.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  205. 9:28:25,7843031,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  206. 9:28:25,7844606,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  207. 9:28:25,7864877,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
  208. 9:28:25,7865332,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
  209. 9:28:25,7873799,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
  210. 9:28:25,7875442,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\DNS","NAME NOT FOUND","Desired Access: Query Value"
  211. 9:28:25,7875945,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryAdapterName","NAME NOT FOUND","Length: 16"
  212. 9:28:25,7876382,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableAdapterDomainName","NAME NOT FOUND","Length: 16"
  213. 9:28:25,7876744,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseDomainNameDevolution","NAME NOT FOUND","Length: 16"
  214. 9:28:25,7877486,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DomainNameDevolutionLevel","NAME NOT FOUND","Length: 16"
  215. 9:28:25,7877815,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 16"
  216. 9:28:25,7878186,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 16"
  217. 9:28:25,7878546,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 16"
  218. 9:28:25,7878885,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 16"
  219. 9:28:25,7879300,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AppendToMultiLabelName","NAME NOT FOUND","Length: 16"
  220. 9:28:25,7879677,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenBadTlds","NAME NOT FOUND","Length: 16"
  221. 9:28:25,7880039,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenUnreachableServers","NAME NOT FOUND","Length: 16"
  222. 9:28:25,7880375,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenDefaultServers","NAME NOT FOUND","Length: 16"
  223. 9:28:25,7880683,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DynamicServerQueryOrder","NAME NOT FOUND","Length: 16"
  224. 9:28:25,7881005,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\FilterClusterIp","NAME NOT FOUND","Length: 16"
  225. 9:28:25,7881297,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\WaitForNameErrorOnAll","NAME NOT FOUND","Length: 16"
  226. 9:28:25,7881590,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseEdns","NAME NOT FOUND","Length: 16"
  227. 9:28:25,7881896,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsSecureNameQueryFallback","NAME NOT FOUND","Length: 16"
  228. 9:28:25,7882219,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableDAForAllNetworks","NAME NOT FOUND","Length: 16"
  229. 9:28:25,7882556,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessQueryOrder","NAME NOT FOUND","Length: 16"
  230. 9:28:25,7882861,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryIpMatching","NAME NOT FOUND","Length: 16"
  231. 9:28:25,7883155,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseHostsFile","NAME NOT FOUND","Length: 16"
  232. 9:28:25,7883406,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AddrConfigControl","NAME NOT FOUND","Length: 16"
  233. 9:28:25,7883654,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartNameResolution","NAME NOT FOUND","Length: 16"
  234. 9:28:25,7883923,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS","NAME NOT FOUND","Length: 16"
  235. 9:28:25,7884196,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryNetBTFQDN","NAME NOT FOUND","Length: 16"
  236. 9:28:25,7884520,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartProtocolReordering","NAME NOT FOUND","Length: 16"
  237. 9:28:25,7884785,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UdpRecvBufferSize","NAME NOT FOUND","Length: 16"
  238. 9:28:25,7885075,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableParallelAandAAAA","NAME NOT FOUND","Length: 16"
  239. 9:28:25,7885385,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableCoalescing","NAME NOT FOUND","Length: 16"
  240. 9:28:25,7885643,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\FilterVPNTrigger","NAME NOT FOUND","Length: 16"
  241. 9:28:25,7885916,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts","NAME NOT FOUND","Length: 16"
  242. 9:28:25,7886207,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ForceQueriesOverTcp","NAME NOT FOUND","Length: 16"
  243. 9:28:25,7886515,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ShareTcpConnections","NAME NOT FOUND","Length: 16"
  244. 9:28:25,7886778,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationEnabled","NAME NOT FOUND","Length: 16"
  245. 9:28:25,7887066,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate","NAME NOT FOUND","Length: 16"
  246. 9:28:25,7887355,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterPrimaryName","NAME NOT FOUND","Length: 16"
  247. 9:28:25,7887612,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterAdapterName","NAME NOT FOUND","Length: 16"
  248. 9:28:25,7887986,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration","NAME NOT FOUND","Length: 16"
  249. 9:28:25,7888415,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterReverseLookup","NAME NOT FOUND","Length: 16"
  250. 9:28:25,7888791,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableReverseAddressRegistrations","NAME NOT FOUND","Length: 16"
  251. 9:28:25,7889208,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterWanAdapters","NAME NOT FOUND","Length: 16"
  252. 9:28:25,7889617,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableWanDynamicUpdate","NAME NOT FOUND","Length: 16"
  253. 9:28:25,7890042,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationTtl","NAME NOT FOUND","Length: 16"
  254. 9:28:25,7890408,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationTTL","NAME NOT FOUND","Length: 16"
  255. 9:28:25,7890780,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationRefreshInterval","NAME NOT FOUND","Length: 16"
  256. 9:28:25,7891114,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval","NAME NOT FOUND","Length: 16"
  257. 9:28:25,7891477,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 16"
  258. 9:28:25,7891798,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 16"
  259. 9:28:25,7892177,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 16"
  260. 9:28:25,7892498,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 16"
  261. 9:28:25,7892851,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateTopLevelDomainZones","NAME NOT FOUND","Length: 16"
  262. 9:28:25,7893187,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy","NAME NOT FOUND","Length: 16"
  263. 9:28:25,7893504,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationOverwrite","NAME NOT FOUND","Length: 16"
  264. 9:28:25,7893850,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheSize","NAME NOT FOUND","Length: 16"
  265. 9:28:25,7894122,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheTtl","NAME NOT FOUND","Length: 16"
  266. 9:28:25,7894397,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxNegativeCacheTtl","NAME NOT FOUND","Length: 16"
  267. 9:28:25,7894678,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AdapterTimeoutLimit","NAME NOT FOUND","Length: 16"
  268. 9:28:25,7894978,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ServerPriorityTimeLimit","NAME NOT FOUND","Length: 16"
  269. 9:28:25,7895258,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCachedSockets","NAME NOT FOUND","Length: 16"
  270. 9:28:25,7895522,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableServerUnreachability","NAME NOT FOUND","Length: 16"
  271. 9:28:25,7895819,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableMulticast","NAME NOT FOUND","Length: 16"
  272. 9:28:25,7896117,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastResponderFlags","NAME NOT FOUND","Length: 16"
  273. 9:28:25,7896386,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderFlags","NAME NOT FOUND","Length: 16"
  274. 9:28:25,7896666,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderMaxTimeout","NAME NOT FOUND","Length: 16"
  275. 9:28:25,7896928,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableMDNS","NAME NOT FOUND","Length: 16"
  276. 9:28:25,7897181,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsTest","NAME NOT FOUND","Length: 16"
  277. 9:28:25,7897463,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseCompartments","NAME NOT FOUND","Length: 16"
  278. 9:28:25,7897755,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\CacheAllCompartments","NAME NOT FOUND","Length: 16"
  279. 9:28:25,7898003,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseNewRegistration","NAME NOT FOUND","Length: 16"
  280. 9:28:25,7898304,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistration","NAME NOT FOUND","Length: 16"
  281. 9:28:25,7898613,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistrationOnly","NAME NOT FOUND","Length: 16"
  282. 9:28:25,7898905,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\NewDhcpSrvRegistration","NAME NOT FOUND","Length: 16"
  283. 9:28:25,7899170,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessPreferLocal","NAME NOT FOUND","Length: 16"
  284. 9:28:25,7899441,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableIdnEncoding","NAME NOT FOUND","Length: 16"
  285. 9:28:25,7899715,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableIdnMapping","NAME NOT FOUND","Length: 16"
  286. 9:28:25,7900060,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ShortnameProxyDefault","NAME NOT FOUND","Length: 16"
  287. 9:28:25,7900380,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration","NAME NOT FOUND","Length: 16"
  288. 9:28:25,7900679,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength","NAME NOT FOUND","Length: 16"
  289. 9:28:25,7900980,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutRecalculationInterval","NAME NOT FOUND","Length: 16"
  290. 9:28:25,7901335,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 12"
  291. 9:28:25,7901686,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 12"
  292. 9:28:25,7901997,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 12"
  293. 9:28:25,7902272,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 12"
  294. 9:28:25,7909990,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
  295. 9:28:25,7910391,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
  296. 9:28:25,7916713,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
  297. 9:28:25,7918007,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","NAME NOT FOUND","Desired Access: Query Value"
  298. 9:28:25,7918391,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain","BUFFER OVERFLOW","Length: 12"
  299. 9:28:25,7924209,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
  300. 9:28:25,7924552,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
  301. 9:28:25,7937929,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\FWPUCLNT.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  302. 9:28:25,7939839,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  303. 9:28:25,7941546,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  304. 9:28:25,7960985,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 528"
  305. 9:28:25,7963688,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\7e32a1c4-d502-5b7c-39e8-2b7b0b5f0424","NAME NOT FOUND","Length: 528"
  306. 9:28:25,7964658,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  307. 9:28:25,7984566,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","BUFFER OVERFLOW","Length: 16"
  308. 9:28:25,7995722,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\rasadhlp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  309. 9:28:25,7997394,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  310. 9:28:25,7999208,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  311. 9:28:26,2575975,"PsExec.exe","8044","CreateFile","C:\Windows\CRYPTBASE.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  312. 9:28:26,2585523,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\cryptbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  313. 9:28:26,2587377,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  314. 9:28:26,2589390,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  315. 9:28:26,2612182,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","NAME NOT FOUND","Length: 20"
  316. 9:28:26,2612685,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled","NAME NOT FOUND","Length: 20"
  317. 9:28:26,2614259,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","NAME NOT FOUND","Desired Access: Query Value"
  318. 9:28:26,2627492,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\ntmarta.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  319. 9:28:26,2629904,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  320. 9:28:26,2631748,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  321. 9:28:26,2650913,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  322. 9:28:26,2651806,"PsExec.exe","8044","CreateFile","\\MYCOMP\admin$\PSEXEC-MYCOMP-78B0AE2E.key","BAD NETWORK PATH","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: 0"
  323. 9:28:26,2654191,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  324. 9:28:26,2657058,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  325. 9:28:26,2660304,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  326. 9:28:26,2663944,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  327. 9:28:26,2667002,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  328. 9:28:26,2669347,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  329. 9:28:26,2743799,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\LanguageOverlay\OverlayPackages\ru-RU","NAME NOT FOUND","Desired Access: Read"
  330. 9:28:26,2747004,"PsExec.exe","8044","CreateFile","C:\Windows\SysWOW64\ru-RU\KERNELBASE.dll.mui","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
  331. 9:28:26,2750867,"PsExec.exe","8044","CreateFileMapping","C:\Windows\System32\ru-RU\KernelBase.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  332. 9:28:26,2758980,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  333. 9:28:26,2759784,"PsExec.exe","8044","CreateFile","\\MYCOMP\admin$\PSEXEC-MYCOMP-78B0AE2E.key","BAD NETWORK PATH","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  334. 9:28:26,2761844,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  335. 9:28:26,2770422,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\kernel.appcore.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  336. 9:28:26,2772473,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  337. 9:28:26,2774864,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  338. 9:28:26,2796769,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
  339. 9:28:26,2871999,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1677885551-301352413-4112317786-1001\\Device\HarddiskVolume3\Windows\PsExec.exe","NAME NOT FOUND","Length: 40"
  340.  