unixfreaxjp

DFIR - TcpAdaptorService.exe - Daemon/Net start

Jan 31st, 2013
  1. TcpAdaptorService.exe - Daemon/Net start
  2. =============================================
  3. "21:05:42.9172890","TcpAdaptorService.exe","3752","Thread Create","","SUCCESS","Thread ID: 3852"
  4. "21:05:42.9194021","TcpAdaptorService.exe","3752","QueryNameInformationFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService0.exe","SUCCESS","Name: \Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe"
  5. "21:05:42.9196627","TcpAdaptorService.exe","3752","Load Image","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe","SUCCESS","Image Base: 0x400000, Image Size: 0x14000"
  6. "21:05:42.9198636","TcpAdaptorService.exe","3752","Load Image","C:\WINDOWS\System32\ntdll.dll","SUCCESS","Image Base: 0x7c940000, Image Size: 0x9c000"
  7. "21:05:42.9198845","TcpAdaptorService.exe","3752","QueryNameInformationFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService0.exe","SUCCESS","Name: \Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe"
  8. "21:05:42.9200837","TcpAdaptorService.exe","3752","CreateFile","C:\WINDOWS\Prefetch\TCPADAPTORSERVICE.EXE-2EED8274.pf","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a"
  9. "21:05:42.9203776","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TcpAdaptorService.exe","NAME NOT FOUND","Desired Access: Read"
  10. "21:05:42.9206665","TcpAdaptorService.exe","3752","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  11. "21:05:42.9235074","TcpAdaptorService.exe","3752","FileSystemControl","C:\WINDOWS\system32","SUCCESS","Control: FSCTL_IS_VOLUME_MOUNTED"
  12. "21:05:42.9239778","TcpAdaptorService.exe","3752","CreateFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  13. "21:05:42.9242658","TcpAdaptorService.exe","3752","Load Image","C:\WINDOWS\System32\KERNEL32.DLL","SUCCESS","Image Base: 0x7c800000, Image Size: 0x133000"
  14. "21:05:42.9245737","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"
  15. "21:05:42.9246164","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  16. "21:05:42.9246514","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""
  17. "21:05:42.9489167","TcpAdaptorService.exe","3752","Load Image","C:\WINDOWS\System32\ADVAPI32.DLL","SUCCESS","Image Base: 0x77d80000, Image Size: 0xa9000"
  18. "21:05:42.9492293","TcpAdaptorService.exe","3752","Load Image","C:\WINDOWS\System32\RPCRT4.DLL","SUCCESS","Image Base: 0x77e30000, Image Size: 0x92000"
  19. "21:05:42.9495095","TcpAdaptorService.exe","3752","Load Image","C:\WINDOWS\System32\SECUR32.DLL","SUCCESS","Image Base: 0x77fa0000, Image Size: 0x11000"
  20. "21:05:42.9516838","TcpAdaptorService.exe","3752","CreateFile","C:\Documents and Settings\%USER%\%DESKTOP%\PSAPI.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  21. "21:05:42.9521216","TcpAdaptorService.exe","3752","CreateFile","C:\WINDOWS\system32\psapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  22. "21:05:42.9540760","TcpAdaptorService.exe","3752","QueryBasicInformationFile","C:\WINDOWS\system32\psapi.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/31 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  23. "21:05:42.9542470","TcpAdaptorService.exe","3752","CloseFile","C:\WINDOWS\system32\psapi.dll","SUCCESS",""
  24. "21:05:42.9544870","TcpAdaptorService.exe","3752","CreateFile","C:\WINDOWS\system32\psapi.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  25. "21:05:42.9558441","TcpAdaptorService.exe","3752","CreateFileMapping","C:\WINDOWS\system32\psapi.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  26. "21:05:42.9559000","TcpAdaptorService.exe","3752","CreateFileMapping","C:\WINDOWS\SYSTEM32\PSAPI.DLL","SUCCESS","SyncType: SyncTypeOther"
  27. "21:05:42.9560981","TcpAdaptorService.exe","3752","CloseFile","C:\WINDOWS\system32\psapi.dll","SUCCESS",""
  28. "21:05:42.9563428","TcpAdaptorService.exe","3752","Load Image","C:\WINDOWS\System32\PSAPI.DLL","SUCCESS","Image Base: 0x76ba0000, Image Size: 0xb000"
  29. "21:05:42.9611378","TcpAdaptorService.exe","3752","CreateFile","C:\Documents and Settings\%USER%\%DESKTOP%\WS2_32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  30. "21:05:42.9615544","TcpAdaptorService.exe","3752","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  31. "21:05:42.9636365","TcpAdaptorService.exe","3752","QueryBasicInformationFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/31 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  32. "21:05:42.9637979","TcpAdaptorService.exe","3752","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS",""
  33. "21:05:42.9657443","TcpAdaptorService.exe","3752","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  34. "21:05:42.9659186","TcpAdaptorService.exe","3752","CreateFileMapping","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  35. "21:05:42.9659711","TcpAdaptorService.exe","3752","CreateFileMapping","C:\WINDOWS\SYSTEM32\WS2_32.DLL","SUCCESS","SyncType: SyncTypeOther"
  36. "21:05:42.9661491","TcpAdaptorService.exe","3752","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS",""
  37. "21:05:42.9685692","TcpAdaptorService.exe","3752","Load Image","C:\WINDOWS\System32\WS2_32.DLL","SUCCESS","Image Base: 0x719e0000, Image Size: 0x17000"
  38. "21:05:42.9688659","TcpAdaptorService.exe","3752","Load Image","C:\WINDOWS\System32\MSVCRT.DLL","SUCCESS","Image Base: 0x77bc0000, Image Size: 0x58000"
  39. "21:05:42.9692992","TcpAdaptorService.exe","3752","CreateFile","C:\Documents and Settings\%USER%\%DESKTOP%\WS2HELP.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  40. "21:05:42.9711777","TcpAdaptorService.exe","3752","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  41. "21:05:42.9713472","TcpAdaptorService.exe","3752","QueryBasicInformationFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/31 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  42. "21:05:42.9715076","TcpAdaptorService.exe","3752","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS",""
  43. "21:05:43.0051979","TcpAdaptorService.exe","3752","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  44. "21:05:43.0053789","TcpAdaptorService.exe","3752","CreateFileMapping","C:\WINDOWS\system32\ws2help.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  45. "21:05:43.0054359","TcpAdaptorService.exe","3752","CreateFileMapping","C:\WINDOWS\SYSTEM32\WS2HELP.DLL","SUCCESS","SyncType: SyncTypeOther"
  46. "21:05:43.0056158","TcpAdaptorService.exe","3752","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS",""
  47. "21:05:43.0079625","TcpAdaptorService.exe","3752","Load Image","C:\WINDOWS\System32\WS2HELP.DLL","SUCCESS","Image Base: 0x719d0000, Image Size: 0x8000"
  48. "21:05:43.0084176","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll","NAME NOT FOUND","Desired Access: Read"
  49. "21:05:43.0107729","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll","NAME NOT FOUND","Desired Access: Read"
  50. "21:05:43.0108039","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll","NAME NOT FOUND","Desired Access: Read"
  51. "21:05:43.0108338","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"
  52. "21:05:43.0108718","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  53. "21:05:43.0108905","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  54. "21:05:43.0109171","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""
  55. "21:05:43.0109308","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","SUCCESS","Desired Access: Read"
  56. "21:05:43.0109606","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack","NAME NOT FOUND","Length: 144"
  57. "21:05:43.0109883","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","SUCCESS",""
  58. "21:05:43.0109981","TcpAdaptorService.exe","3752","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed"
  59. "21:05:43.0110190","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics","NAME NOT FOUND","Desired Access: Read"
  60. "21:05:43.0110540","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSAPI.DLL","NAME NOT FOUND","Desired Access: Read"
  61. "21:05:43.0110743","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll","NAME NOT FOUND","Desired Access: Read"
  62. "21:05:43.0114696","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll","NAME NOT FOUND","Desired Access: Read"
  63. "21:05:43.0114923","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll","NAME NOT FOUND","Desired Access: Read"
  64. "21:05:43.0115205","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll","NAME NOT FOUND","Desired Access: Read"
  65. "21:05:43.0115398","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll","NAME NOT FOUND","Desired Access: Read"
  66. "21:05:43.0117800","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Control\ServiceCurrent","SUCCESS","Desired Access: Query Value"
  67. "21:05:43.0118130","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Control\ServiceCurrent\(Default)","SUCCESS","Type: REG_DWORD, Length: 4, Data: 15"
  68. "21:05:43.0118370","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Control\ServiceCurrent","SUCCESS",""
  69. "21:05:43.0119717","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Rpc\PagedBuffers","NAME NOT FOUND","Desired Access: Read"
  70. "21:05:43.0119907","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Read"
  71. "21:05:43.0120133","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 144"
  72. "21:05:43.0120759","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS",""
  73. "21:05:43.0120910","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TcpAdaptorService.exe\RpcThreadPoolThrottle","NAME NOT FOUND","Desired Access: Read"
  74. "21:05:43.0121502","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"
  75. "21:05:43.0121918","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"
  76. "21:05:43.0122220","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
  77. "21:05:43.0122485","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
  78. "21:05:43.0137646","TcpAdaptorService.exe","3752","QueryNameInformationFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService0.exe","BUFFER OVERFLOW","Name: \D"
  79. "21:05:43.0137901","TcpAdaptorService.exe","3752","QueryNameInformationFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService0.exe","SUCCESS","Name: \Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe"
  80. "21:05:43.0139021","TcpAdaptorService.exe","3752","RegSetValue","HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed","SUCCESS","Type: REG_BINARY, Length: 80, Data: 61 4E C6 74 C2 3E 6C 9F D1 7B 7B C4 F1 E0 92 2F"
  81. "21:05:43.0147678","TcpAdaptorService.exe","3752","Thread Create","","SUCCESS","Thread ID: 3856"
  82. "21:05:43.0175341","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName","SUCCESS","Desired Access: Read"
  83. "21:05:43.0175701","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","Desired Access: Read"
  84. "21:05:43.0175922","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","SUCCESS","Type: REG_SZ, Length: 32, Data: %USER%-1379CF37C25"
  85. "21:05:43.0224574","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS",""
  86. "21:05:43.0226451","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Control\ComputerName","SUCCESS",""
  87. "21:05:43.0248940","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","Desired Access: Maximum Allowed"
  88. "21:05:43.0249325","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 2.0"
  89. "21:05:43.0249499","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 2.0"
  90. "21:05:43.0249758","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9","SUCCESS","Desired Access: Maximum Allowed"
  91. "21:05:43.0250004","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 9"
  92. "21:05:43.0250328","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 9"
  93. "21:05:43.0250658","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000009","NAME NOT FOUND","Desired Access: Maximum Allowed"
  94. "21:05:43.0250837","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1025"
  95. "21:05:43.0250993","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries","SUCCESS","Type: REG_DWORD, Length: 4, Data: 14"
  96. "21:05:43.0251147","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","SUCCESS","Desired Access: Maximum Allowed"
  97. "21:05:43.0251418","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001","SUCCESS","Desired Access: Read"
  98. "21:05:43.0251678","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  99. "21:05:43.0251865","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  100. "21:05:43.0252032","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  101. "21:05:43.0252317","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001","SUCCESS",""
  102. "21:05:43.0252471","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002","SUCCESS","Desired Access: Read"
  103. "21:05:43.0252708","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  104. "21:05:43.0252887","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  105. "21:05:43.0253100","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  106. "21:05:43.0253376","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002","SUCCESS",""
  107. "21:05:43.0253527","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003","SUCCESS","Desired Access: Read"
  108. "21:05:43.0253764","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  109. "21:05:43.0253943","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  110. "21:05:43.0254111","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  111. "21:05:43.0254379","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003","SUCCESS",""
  112. "21:05:43.0254527","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004","SUCCESS","Desired Access: Read"
  113. "21:05:43.0254762","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  114. "21:05:43.0254938","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  115. "21:05:43.0255105","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  116. "21:05:43.0255371","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004","SUCCESS",""
  117. "21:05:43.0255519","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005","SUCCESS","Desired Access: Read"
  118. "21:05:43.0255762","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  119. "21:05:43.0255941","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  120. "21:05:43.0256108","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  121. "21:05:43.0256371","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005","SUCCESS",""
  122. "21:05:43.0256519","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006","SUCCESS","Desired Access: Read"
  123. "21:05:43.0256759","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  124. "21:05:43.0256935","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  125. "21:05:43.0257103","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  126. "21:05:43.0257371","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006","SUCCESS",""
  127. "21:05:43.0257519","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007","SUCCESS","Desired Access: Read"
  128. "21:05:43.0257757","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  129. "21:05:43.0257933","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  130. "21:05:43.0258142","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  131. "21:05:43.0258410","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007","SUCCESS",""
  132. "21:05:43.0258558","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008","SUCCESS","Desired Access: Read"
  133. "21:05:43.0258799","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  134. "21:05:43.0258975","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  135. "21:05:43.0259145","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  136. "21:05:43.0287392","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008","SUCCESS",""
  137. "21:05:43.0287582","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009","SUCCESS","Desired Access: Read"
  138. "21:05:43.0287875","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  139. "21:05:43.0288070","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  140. "21:05:43.0288244","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  141. "21:05:43.0288540","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009","SUCCESS",""
  142. "21:05:43.0288693","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010","SUCCESS","Desired Access: Read"
  143. "21:05:43.0288942","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  144. "21:05:43.0289126","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  145. "21:05:43.0289294","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  146. "21:05:43.0289565","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010","SUCCESS",""
  147. "21:05:43.0289716","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011","SUCCESS","Desired Access: Read"
  148. "21:05:43.0289967","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  149. "21:05:43.0290149","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  150. "21:05:43.0290364","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  151. "21:05:43.0290641","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011","SUCCESS",""
  152. "21:05:43.0290791","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012","SUCCESS","Desired Access: Read"
  153. "21:05:43.0291035","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  154. "21:05:43.0291211","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  155. "21:05:43.0291381","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  156. "21:05:43.0291655","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012","SUCCESS",""
  157. "21:05:43.0291803","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013","SUCCESS","Desired Access: Read"
  158. "21:05:43.0292046","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  159. "21:05:43.0292225","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  160. "21:05:43.0292392","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  161. "21:05:43.0292660","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013","SUCCESS",""
  162. "21:05:43.0292808","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014","SUCCESS","Desired Access: Read"
  163. "21:05:43.0293049","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  164. "21:05:43.0293225","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"
  165. "21:05:43.0293392","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
  166. "21:05:43.0310269","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014","SUCCESS",""
  167. "21:05:43.0310512","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","SUCCESS",""
  168. "21:05:43.0310744","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5","SUCCESS","Desired Access: Maximum Allowed"
  169. "21:05:43.0311015","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 4"
  170. "21:05:43.0311294","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 4"
  171. "21:05:43.0311487","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\00000004","NAME NOT FOUND","Desired Access: Maximum Allowed"
  172. "21:05:43.0311666","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries","SUCCESS","Type: REG_DWORD, Length: 4, Data: 3"
  173. "21:05:43.0311819","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries","SUCCESS","Desired Access: Maximum Allowed"
  174. "21:05:43.0312082","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001","SUCCESS","Desired Access: Read"
  175. "21:05:43.0312322","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"
  176. "21:05:43.0312507","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"
  177. "21:05:43.0312713","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 12, Data: Tcpip"
  178. "21:05:43.0312884","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 12, Data: Tcpip"
  179. "21:05:43.0313060","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 12, Data: Tcpip"
  180. "21:05:43.0313233","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 12, Data: Tcpip"
  181. "21:05:43.0313406","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: 40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B"
  182. "21:05:43.0313579","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\AddressFamily","NAME NOT FOUND","Length: 144"
  183. "21:05:43.0313755","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 12"
  184. "21:05:43.0313931","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
  185. "21:05:43.0314099","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  186. "21:05:43.0314269","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  187. "21:05:43.0314526","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001","SUCCESS",""
  188. "21:05:43.0314739","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002","SUCCESS","Desired Access: Read"
  189. "21:05:43.0314984","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\System32\winrnr.dll"
  190. "21:05:43.0315155","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\System32\winrnr.dll"
  191. "21:05:43.0315342","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 10, Data: NTDS"
  192. "21:05:43.0315512","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 10, Data: NTDS"
  193. "21:05:43.0315686","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 10, Data: NTDS"
  194. "21:05:43.0315856","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 10, Data: NTDS"
  195. "21:05:43.0316029","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC"
  196. "21:05:43.0316197","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\AddressFamily","NAME NOT FOUND","Length: 144"
  197. "21:05:43.0316437","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 32"
  198. "21:05:43.0316610","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
  199. "21:05:43.0316778","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  200. "21:05:43.0316951","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  201. "21:05:43.0317200","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002","SUCCESS",""
  202. "21:05:43.0317356","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003","SUCCESS","Desired Access: Read"
  203. "21:05:43.0317597","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"
  204. "21:05:43.0317767","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"
  205. "21:05:43.0317954","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 86, Data: Network Location Awareness (NLA) Namespace"
  206. "21:05:43.0318133","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 86, Data: Network Location Awareness (NLA) Namespace"
  207. "21:05:43.0318309","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 86, Data: Network Location Awareness (NLA) Namespace"
  208. "21:05:43.0318482","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 86, Data: Network Location Awareness (NLA) Namespace"
  209. "21:05:43.0318669","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: 3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83"
  210. "21:05:43.0318843","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\AddressFamily","NAME NOT FOUND","Length: 144"
  211. "21:05:43.0319013","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 15"
  212. "21:05:43.0319183","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
  213. "21:05:43.0319351","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  214. "21:05:43.0319524","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  215. "21:05:43.0319784","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003","SUCCESS",""
  216. "21:05:43.0330584","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries","SUCCESS",""
  217. "21:05:43.0330833","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS",""
  218. "21:05:43.0331006","TcpAdaptorService.exe","3752","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock2\Parameters","SUCCESS","Desired Access: Query Value"
  219. "21:05:43.0331352","TcpAdaptorService.exe","3752","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32NumHandleBuckets","NAME NOT FOUND","Length: 144"
  220. "21:05:43.0331584","TcpAdaptorService.exe","3752","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS",""
  221. "21:07:41.6060212","TcpAdaptorService.exe","3752","QueryNameInformationFile","C:\WINDOWS\system32\net.exe","BUFFER OVERFLOW","Name: \W"
  222. "21:07:41.6060441","TcpAdaptorService.exe","3752","QueryNameInformationFile","C:\WINDOWS\system32\net.exe","SUCCESS","Name: \WINDOWS\System32\NET.EXE"
  223. "21:07:43.0896125","TcpAdaptorService.exe","3752","QueryNameInformationFile","C:\WINDOWS\system32\net1.exe","BUFFER OVERFLOW","Name: \W"
  224. "21:07:43.0896366","TcpAdaptorService.exe","3752","QueryNameInformationFile","C:\WINDOWS\system32\net1.exe","SUCCESS","Name: \WINDOWS\System32\net1.exe"
  225. "21:07:43.9572656","TcpAdaptorService.exe","3752","Thread Exit","","SUCCESS","Thread ID: 3852, User Time: 0.0000000, Kernel Time: 0.0312500"
  226. "21:07:43.9573617","TcpAdaptorService.exe","3752","Thread Exit","","SUCCESS","Thread ID: 3856, User Time: 15.7968750, Kernel Time: 60.6718750"
  227. "21:07:43.9576547","TcpAdaptorService.exe","3752","Process Exit","","SUCCESS","Exit Status: 1, User Time: 15.8125000 seconds, Kernel Time: 49.8906250 seconds, Private Bytes: 10,395,648, Peak Private Bytes: 10,403,840, Working Set: 1,363,968, Peak Working Set: 1,372,160"
  228. "21:07:43.9577589","TcpAdaptorService.exe","3752","CloseFile","C:\WINDOWS\system32","SUCCESS",""