- Time of Day,"Process Name","PID","Operation","Path","Result","Detail"
- 9:28:25,6880077,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80"
- 9:28:25,6881378,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:25,6882959,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
- 9:28:25,6900255,"PsExec.exe","8044","CreateFile","C:\Windows\System32\wow64log.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:25,6906912,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\PsExec.exe","NAME NOT FOUND","Length: 520"
- 9:28:25,6917203,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80"
- 9:28:25,6918532,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:25,6920339,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
- 9:28:25,6949908,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 528"
- 9:28:25,6952104,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 528"
- 9:28:25,6956716,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
- 9:28:25,6958054,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,6960301,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80"
- 9:28:25,6961132,"PsExec.exe","8044","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:25,6965029,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LPGO","NAME NOT FOUND","Length: 20"
- 9:28:25,6975419,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
- 9:28:25,6981142,"PsExec.exe","8044","CreateFile","C:\Windows\NETAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:25,6981234,"PsExec.exe","8044","CreateFile","C:\Windows\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:25,6992139,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\netapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,6992297,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,6993805,"PsExec.exe","8044","CreateFile","C:\Windows\MPR.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:25,6993848,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,6994521,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,6995712,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,6996815,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7002738,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\mpr.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7004776,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7006736,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7007884,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
- 9:28:25,7042731,"PsExec.exe","8044","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
- 9:28:25,7047450,"PsExec.exe","8044","CreateFile","C:\Windows\PsExec.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:25,7059551,"PsExec.exe","8044","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7061871,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7063635,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7069830,"PsExec.exe","8044","CreateFile","C:\Windows\NETUTILS.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:25,7079678,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\netutils.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7081540,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7083240,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7099687,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1","NAME NOT FOUND","Length: 528"
- 9:28:25,7106695,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\5eb60b36-6206-5538-e60a-0a7af8a1e59d","NAME NOT FOUND","Length: 528"
- 9:28:25,7112655,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 20"
- 9:28:25,7115133,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 20"
- 9:28:25,7118003,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 16"
- 9:28:25,7121371,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7121905,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\AppModel\Lookaside\Packages","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7122775,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7126037,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole\Tracing","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7127370,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528"
- 9:28:25,7129043,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528"
- 9:28:25,7131472,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c7e09e2a-c663-5399-af79-2fccd321d19a","NAME NOT FOUND","Length: 528"
- 9:28:25,7133116,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
- 9:28:25,7149724,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7165574,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7166974,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 528"
- 9:28:25,7170879,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
- 9:28:25,7171878,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7173000,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7173683,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
- 9:28:25,7174532,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7175444,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7177094,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
- 9:28:25,7178286,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7179086,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7179736,"PsExec.exe","8044","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7180876,"PsExec.exe","8044","RegQueryValue","HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 20"
- 9:28:25,7183744,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32\PsExec","NAME NOT FOUND","Length: 172"
- 9:28:25,7184568,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7192600,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
- 9:28:25,7193268,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
- 9:28:25,7195936,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language\InstallLanguageFallback","BUFFER OVERFLOW","Length: 16"
- 9:28:25,7196757,"PsExec.exe","8044","RegOpenKey","HKLM\OSDATA\System\CurrentControlSet\Control\MUI\UILanguages","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7202492,"PsExec.exe","8044","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\ru-RU","NO MORE ENTRIES","Index: 4, Length: 512"
- 9:28:25,7202872,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\ru-RU\AlternateCodePage","NAME NOT FOUND","Length: 12"
- 9:28:25,7203529,"PsExec.exe","8044","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","NO MORE ENTRIES","Index: 1, Length: 512"
- 9:28:25,7204678,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7205685,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7207457,"PsExec.exe","8044","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7209303,"PsExec.exe","8044","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
- 9:28:25,7210947,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7212941,"PsExec.exe","8044","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7215580,"PsExec.exe","8044","RegEnumValue","HKCU\Control Panel\Desktop\LanguageConfiguration","NO MORE ENTRIES","Index: 1, Length: 512"
- 9:28:25,7216920,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7218810,"PsExec.exe","8044","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7221031,"PsExec.exe","8044","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7223026,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7225764,"PsExec.exe","8044","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7233359,"PsExec.exe","8044","CreateFile","C:\Windows\SysWOW64\edgegdi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:25,7239090,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs","NAME NOT FOUND","Length: 16"
- 9:28:25,7248874,"PsExec.exe","8044","CreateFileMapping","C:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
- 9:28:25,7250713,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7252625,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7261966,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
- 9:28:25,7275911,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ca967c75-04bf-40b5-9a16-98b5f9332a92","NAME NOT FOUND","Length: 528"
- 9:28:25,7278117,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b6fd710b-f783-4b1c-ab9c-c68099dcc0c7","NAME NOT FOUND","Length: 528"
- 9:28:25,7279875,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c1376338-0984-48b8-b933-9c7d779fd84d","NAME NOT FOUND","Length: 528"
- 9:28:25,7292990,"PsExec.exe","8044","CreateFileMapping","C:\Program Files\Agnitum\Outpost Firewall Pro\machine.ini","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
- 9:28:25,7297947,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ru-RU","NAME NOT FOUND","Length: 532"
- 9:28:25,7299866,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ru-RU","NAME NOT FOUND","Length: 532"
- 9:28:25,7304569,"PsExec.exe","8044","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
- 9:28:25,7308782,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\ru-RU","NAME NOT FOUND","Length: 90"
- 9:28:25,7335843,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
- 9:28:25,7345851,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528"
- 9:28:25,7347445,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528"
- 9:28:25,7348508,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
- 9:28:25,7355392,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Sysinternals","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:25,7357647,"PsExec.exe","8044","RegQueryValue","HKCU\SOFTWARE\Sysinternals\EulaAccepted","NAME NOT FOUND","Length: 16"
- 9:28:25,7373960,"PsExec.exe","8044","RegOpenKey","HKLM\Software\Sysinternals","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:25,7375677,"PsExec.exe","8044","RegQueryValue","HKCU\SOFTWARE\Sysinternals\EulaAccepted","NAME NOT FOUND","Length: 16"
- 9:28:25,7392511,"PsExec.exe","8044","CreateFile","C:\Windows\LOGONCLI.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:25,7402102,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\logoncli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7406052,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7407959,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7429081,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:25,7431516,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DCLocatorLdapConnectionCacheEnabled","NAME NOT FOUND","Length: 16"
- 9:28:25,7436614,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","BUFFER OVERFLOW","Length: 16"
- 9:28:25,7438903,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\37923DCE-3B65DE3D","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7439755,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\37923DCE","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7440473,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Callout","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7444047,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\0000001B","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7447247,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7449721,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7451713,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7453916,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7455993,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7458774,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7461249,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7463097,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7465052,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7467074,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7469367,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7471334,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7473020,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7474990,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7476826,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7478543,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7480273,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7482564,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7484559,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
- 9:28:25,7488968,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\0000001A","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7492328,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7494387,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
- 9:28:25,7496374,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\AddressFamily","NAME NOT FOUND","Length: 16"
- 9:28:25,7500794,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7502584,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\AddressFamily","NAME NOT FOUND","Length: 16"
- 9:28:25,7507620,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7509735,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\AddressFamily","NAME NOT FOUND","Length: 16"
- 9:28:25,7513770,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7515565,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\AddressFamily","NAME NOT FOUND","Length: 16"
- 9:28:25,7520082,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7521679,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\AddressFamily","NAME NOT FOUND","Length: 16"
- 9:28:25,7525994,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7527869,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\AddressFamily","NAME NOT FOUND","Length: 16"
- 9:28:25,7532233,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\DisplayString","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7534192,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\AddressFamily","NAME NOT FOUND","Length: 16"
- 9:28:25,7538342,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\DisplayString","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7540072,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\AddressFamily","NAME NOT FOUND","Length: 16"
- 9:28:25,7545268,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32NumHandleBuckets","NAME NOT FOUND","Length: 16"
- 9:28:25,7545611,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32SpinCount","NAME NOT FOUND","Length: 16"
- 9:28:25,7556165,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\PrxerNsp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7557852,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7559506,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7570879,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
- 9:28:25,7593503,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\mswsock.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7595573,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7597449,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7613041,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\DisableSockPollConnFailureReturn","NAME NOT FOUND","Length: 16"
- 9:28:25,7624536,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\dnsapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7626136,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7627947,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7641684,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\9ca335ed-c0a6-4b4d-b084-9c9b5143aff0","NAME NOT FOUND","Length: 528"
- 9:28:25,7643356,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
- 9:28:25,7652162,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\IPHLPAPI.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7654029,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7655809,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7675192,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7687850,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7688476,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7696001,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7696445,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7704058,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7705975,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:25,7706449,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7717363,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\NapiNSP.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7719248,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7720837,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7739134,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 16"
- 9:28:25,7740839,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7741916,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7743175,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsExec.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
- 9:28:25,7746259,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7749399,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow","NAME NOT FOUND","Length: 16"
- 9:28:25,7764989,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\pnrpnsp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7766705,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7768504,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7790752,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\wshbth.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7792637,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7794418,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7814113,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\nlaapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7815920,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7817604,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7830429,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\6ff5771a-f64e-473f-a2e8-4654c218ff3a","NAME NOT FOUND","Length: 528"
- 9:28:25,7832097,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
- 9:28:25,7841244,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\winrnr.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7843031,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7844606,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7864877,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7865332,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7873799,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7875442,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Services\DNS","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:25,7875945,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryAdapterName","NAME NOT FOUND","Length: 16"
- 9:28:25,7876382,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableAdapterDomainName","NAME NOT FOUND","Length: 16"
- 9:28:25,7876744,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseDomainNameDevolution","NAME NOT FOUND","Length: 16"
- 9:28:25,7877486,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DomainNameDevolutionLevel","NAME NOT FOUND","Length: 16"
- 9:28:25,7877815,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 16"
- 9:28:25,7878186,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 16"
- 9:28:25,7878546,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 16"
- 9:28:25,7878885,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 16"
- 9:28:25,7879300,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AppendToMultiLabelName","NAME NOT FOUND","Length: 16"
- 9:28:25,7879677,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenBadTlds","NAME NOT FOUND","Length: 16"
- 9:28:25,7880039,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenUnreachableServers","NAME NOT FOUND","Length: 16"
- 9:28:25,7880375,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenDefaultServers","NAME NOT FOUND","Length: 16"
- 9:28:25,7880683,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DynamicServerQueryOrder","NAME NOT FOUND","Length: 16"
- 9:28:25,7881005,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\FilterClusterIp","NAME NOT FOUND","Length: 16"
- 9:28:25,7881297,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\WaitForNameErrorOnAll","NAME NOT FOUND","Length: 16"
- 9:28:25,7881590,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseEdns","NAME NOT FOUND","Length: 16"
- 9:28:25,7881896,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsSecureNameQueryFallback","NAME NOT FOUND","Length: 16"
- 9:28:25,7882219,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableDAForAllNetworks","NAME NOT FOUND","Length: 16"
- 9:28:25,7882556,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessQueryOrder","NAME NOT FOUND","Length: 16"
- 9:28:25,7882861,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryIpMatching","NAME NOT FOUND","Length: 16"
- 9:28:25,7883155,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseHostsFile","NAME NOT FOUND","Length: 16"
- 9:28:25,7883406,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AddrConfigControl","NAME NOT FOUND","Length: 16"
- 9:28:25,7883654,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartNameResolution","NAME NOT FOUND","Length: 16"
- 9:28:25,7883923,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS","NAME NOT FOUND","Length: 16"
- 9:28:25,7884196,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryNetBTFQDN","NAME NOT FOUND","Length: 16"
- 9:28:25,7884520,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartProtocolReordering","NAME NOT FOUND","Length: 16"
- 9:28:25,7884785,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UdpRecvBufferSize","NAME NOT FOUND","Length: 16"
- 9:28:25,7885075,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableParallelAandAAAA","NAME NOT FOUND","Length: 16"
- 9:28:25,7885385,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableCoalescing","NAME NOT FOUND","Length: 16"
- 9:28:25,7885643,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\FilterVPNTrigger","NAME NOT FOUND","Length: 16"
- 9:28:25,7885916,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts","NAME NOT FOUND","Length: 16"
- 9:28:25,7886207,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ForceQueriesOverTcp","NAME NOT FOUND","Length: 16"
- 9:28:25,7886515,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ShareTcpConnections","NAME NOT FOUND","Length: 16"
- 9:28:25,7886778,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationEnabled","NAME NOT FOUND","Length: 16"
- 9:28:25,7887066,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate","NAME NOT FOUND","Length: 16"
- 9:28:25,7887355,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterPrimaryName","NAME NOT FOUND","Length: 16"
- 9:28:25,7887612,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterAdapterName","NAME NOT FOUND","Length: 16"
- 9:28:25,7887986,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration","NAME NOT FOUND","Length: 16"
- 9:28:25,7888415,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterReverseLookup","NAME NOT FOUND","Length: 16"
- 9:28:25,7888791,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableReverseAddressRegistrations","NAME NOT FOUND","Length: 16"
- 9:28:25,7889208,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterWanAdapters","NAME NOT FOUND","Length: 16"
- 9:28:25,7889617,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableWanDynamicUpdate","NAME NOT FOUND","Length: 16"
- 9:28:25,7890042,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationTtl","NAME NOT FOUND","Length: 16"
- 9:28:25,7890408,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationTTL","NAME NOT FOUND","Length: 16"
- 9:28:25,7890780,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationRefreshInterval","NAME NOT FOUND","Length: 16"
- 9:28:25,7891114,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval","NAME NOT FOUND","Length: 16"
- 9:28:25,7891477,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 16"
- 9:28:25,7891798,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 16"
- 9:28:25,7892177,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 16"
- 9:28:25,7892498,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 16"
- 9:28:25,7892851,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateTopLevelDomainZones","NAME NOT FOUND","Length: 16"
- 9:28:25,7893187,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy","NAME NOT FOUND","Length: 16"
- 9:28:25,7893504,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationOverwrite","NAME NOT FOUND","Length: 16"
- 9:28:25,7893850,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheSize","NAME NOT FOUND","Length: 16"
- 9:28:25,7894122,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheTtl","NAME NOT FOUND","Length: 16"
- 9:28:25,7894397,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxNegativeCacheTtl","NAME NOT FOUND","Length: 16"
- 9:28:25,7894678,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AdapterTimeoutLimit","NAME NOT FOUND","Length: 16"
- 9:28:25,7894978,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ServerPriorityTimeLimit","NAME NOT FOUND","Length: 16"
- 9:28:25,7895258,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCachedSockets","NAME NOT FOUND","Length: 16"
- 9:28:25,7895522,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableServerUnreachability","NAME NOT FOUND","Length: 16"
- 9:28:25,7895819,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableMulticast","NAME NOT FOUND","Length: 16"
- 9:28:25,7896117,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastResponderFlags","NAME NOT FOUND","Length: 16"
- 9:28:25,7896386,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderFlags","NAME NOT FOUND","Length: 16"
- 9:28:25,7896666,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderMaxTimeout","NAME NOT FOUND","Length: 16"
- 9:28:25,7896928,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableMDNS","NAME NOT FOUND","Length: 16"
- 9:28:25,7897181,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsTest","NAME NOT FOUND","Length: 16"
- 9:28:25,7897463,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseCompartments","NAME NOT FOUND","Length: 16"
- 9:28:25,7897755,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\CacheAllCompartments","NAME NOT FOUND","Length: 16"
- 9:28:25,7898003,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseNewRegistration","NAME NOT FOUND","Length: 16"
- 9:28:25,7898304,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistration","NAME NOT FOUND","Length: 16"
- 9:28:25,7898613,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistrationOnly","NAME NOT FOUND","Length: 16"
- 9:28:25,7898905,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\NewDhcpSrvRegistration","NAME NOT FOUND","Length: 16"
- 9:28:25,7899170,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessPreferLocal","NAME NOT FOUND","Length: 16"
- 9:28:25,7899441,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableIdnEncoding","NAME NOT FOUND","Length: 16"
- 9:28:25,7899715,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableIdnMapping","NAME NOT FOUND","Length: 16"
- 9:28:25,7900060,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ShortnameProxyDefault","NAME NOT FOUND","Length: 16"
- 9:28:25,7900380,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration","NAME NOT FOUND","Length: 16"
- 9:28:25,7900679,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength","NAME NOT FOUND","Length: 16"
- 9:28:25,7900980,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutRecalculationInterval","NAME NOT FOUND","Length: 16"
- 9:28:25,7901335,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 12"
- 9:28:25,7901686,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 12"
- 9:28:25,7901997,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 12"
- 9:28:25,7902272,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 12"
- 9:28:25,7909990,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7910391,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7916713,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7918007,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:25,7918391,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7924209,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
- 9:28:25,7924552,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12"
- 9:28:25,7937929,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\FWPUCLNT.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7939839,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7941546,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:25,7960985,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 528"
- 9:28:25,7963688,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\7e32a1c4-d502-5b7c-39e8-2b7b0b5f0424","NAME NOT FOUND","Length: 528"
- 9:28:25,7964658,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
- 9:28:25,7984566,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","BUFFER OVERFLOW","Length: 16"
- 9:28:25,7995722,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\rasadhlp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:25,7997394,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:25,7999208,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:26,2575975,"PsExec.exe","8044","CreateFile","C:\Windows\CRYPTBASE.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2585523,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\cryptbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:26,2587377,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:26,2589390,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:26,2612182,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","NAME NOT FOUND","Length: 20"
- 9:28:26,2612685,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled","NAME NOT FOUND","Length: 20"
- 9:28:26,2614259,"PsExec.exe","8044","RegOpenKey","HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","NAME NOT FOUND","Desired Access: Query Value"
- 9:28:26,2627492,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\ntmarta.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:26,2629904,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:26,2631748,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:26,2650913,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2651806,"PsExec.exe","8044","CreateFile","\\MYCOMP\admin$\PSEXEC-MYCOMP-78B0AE2E.key","BAD NETWORK PATH","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: 0"
- 9:28:26,2654191,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2657058,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2660304,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2663944,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2667002,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2669347,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2743799,"PsExec.exe","8044","RegOpenKey","HKLM\SOFTWARE\Microsoft\LanguageOverlay\OverlayPackages\ru-RU","NAME NOT FOUND","Desired Access: Read"
- 9:28:26,2747004,"PsExec.exe","8044","CreateFile","C:\Windows\SysWOW64\ru-RU\KERNELBASE.dll.mui","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
- 9:28:26,2750867,"PsExec.exe","8044","CreateFileMapping","C:\Windows\System32\ru-RU\KernelBase.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:26,2758980,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2759784,"PsExec.exe","8044","CreateFile","\\MYCOMP\admin$\PSEXEC-MYCOMP-78B0AE2E.key","BAD NETWORK PATH","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2761844,"PsExec.exe","8044","CreateFile","C:\Windows\CSC\v2.0.6\namespace\MYCOMP","NAME NOT FOUND","Desired Access: Read EA, Write EA, Read Attributes, Write Attributes, Delete, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
- 9:28:26,2770422,"PsExec.exe","8044","CreateFileMapping","C:\Windows\SysWOW64\kernel.appcore.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
- 9:28:26,2772473,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
- 9:28:26,2774864,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
- 9:28:26,2796769,"PsExec.exe","8044","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
- 9:28:26,2871999,"PsExec.exe","8044","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1677885551-301352413-4112317786-1001\\Device\HarddiskVolume3\Windows\PsExec.exe","NAME NOT FOUND","Length: 40"