• Analog Header
    version
    0.2
    sample
    240802-1ge28awcrf
    task
    240802-1ge28awcrf-behavioral2
    backend
    sbx4m65
    resource
    win10v2004-20240802-en
    platform
    windows10-2004_x64
  • Process Create
    proc
    9
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\fontdrvhost.exe
    cmd
    "fontdrvhost.exe"
    pid
    800
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    13
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\dwm.exe
    cmd
    "dwm.exe"
    pid
    340
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    12
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
    pid
    956
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    11
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k RPCSS -p
    pid
    908
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    10
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\fontdrvhost.exe
    cmd
    "fontdrvhost.exe"
    pid
    796
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    15
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
    pid
    516
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    20
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
    pid
    1176
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    19
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
    pid
    1136
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    21
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
    pid
    1228
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    28
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
    pid
    1676
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    33
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    pid
    1908
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    38
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
    pid
    2056
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    39
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
    pid
    2120
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    42
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
    pid
    2412
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    46
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
    pid
    2500
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    79
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\backgroundTaskHost.exe
    cmd
    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
    pid
    4032
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    78
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\backgroundTaskHost.exe
    cmd
    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
    pid
    1816
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    77
    time
    172
    kind
    Hidden
    image
    C:\Users\Admin\AppData\Local\Temp\3698490538\zmstage.exe
    cmd
    C:\Users\Admin\AppData\Local\Temp\3698490538\zmstage.exe
    pid
    4496
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    76
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\RuntimeBroker.exe
    cmd
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    pid
    1940
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    75
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
    pid
    3596
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    74
    time
    172
    kind
    Existing
    image
    C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
    cmd
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
    pid
    1776
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    73
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\DllHost.exe
    cmd
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    pid
    948
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    72
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
    pid
    5024
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    71
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\SppExtComObj.exe
    cmd
    C:\Windows\system32\SppExtComObj.exe -Embedding
    pid
    3124
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    70
    time
    172
    kind
    Existing
    image
    C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    cmd
    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
    pid
    1608
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    69
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
    pid
    3656
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    68
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
    pid
    556
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    67
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
    pid
    520
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    66
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
    pid
    2156
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    65
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
    pid
    4212
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    64
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\sppsvc.exe
    cmd
    C:\Windows\system32\sppsvc.exe
    pid
    4312
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    63
    time
    172
    kind
    Hidden
    image
    C:\Windows\System32\rdvidg.exe
    cmd
    "C:\Windows\System32\rdvidg.exe"
    pid
    4316
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    62
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\RuntimeBroker.exe
    cmd
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    pid
    4100
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    61
    time
    172
    kind
    Existing
    image
    C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    cmd
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    pid
    4012
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    60
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\RuntimeBroker.exe
    cmd
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    pid
    3928
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    59
    time
    172
    kind
    Existing
    image
    C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    cmd
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    pid
    3864
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    58
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\DllHost.exe
    cmd
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    pid
    3768
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    57
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
    pid
    3588
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    56
    time
    172
    kind
    Existing
    image
    C:\Windows\Explorer.EXE
    cmd
    C:\Windows\Explorer.EXE
    pid
    3472
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    55
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
    pid
    3384
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    54
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc
    pid
    1240
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    53
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
    pid
    2736
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    52
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\taskhostw.exe
    cmd
    taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
    pid
    3032
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    51
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\wbem\unsecapp.exe
    cmd
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    pid
    2992
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    50
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    pid
    2888
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    80
    time
    172
    kind
    Create
    image
    C:\Users\Admin\AppData\Local\Temp\073c36763e37966ab3a0021e8baba350N.exe
    cmd
    "C:\Users\Admin\AppData\Local\Temp\073c36763e37966ab3a0021e8baba350N.exe"
    pid
    1340
    parent_proc
    56
    status
    0x00000000
  • Process Create
    proc
    49
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\sihost.exe
    cmd
    sihost.exe
    pid
    2860
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    48
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
    pid
    2624
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    47
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
    pid
    2536
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    45
    time
    172
    kind
    Existing
    image
    C:\Windows\sysmon.exe
    cmd
    C:\Windows\sysmon.exe
    pid
    2488
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    44
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
    pid
    2448
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    43
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
    pid
    2420
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    41
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
    pid
    2264
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    40
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
    pid
    2244
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    37
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\spoolsv.exe
    cmd
    C:\Windows\System32\spoolsv.exe
    pid
    1724
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    36
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
    pid
    2000
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    35
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
    pid
    1980
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    34
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
    pid
    1924
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    32
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    pid
    1828
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    31
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
    pid
    1796
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    30
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
    pid
    1744
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    29
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
    pid
    1704
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    27
    time
    172
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
    pid
    1588
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    26
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
    pid
    1580
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    25
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
    pid
    1424
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    24
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
    pid
    1412
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    23
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
    pid
    1368
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    22
    time
    172
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
    pid
    1304
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    18
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
    pid
    1120
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    17
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
    pid
    1100
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    16
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
    pid
    1028
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    14
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
    pid
    744
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    8
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k DcomLaunch -p
    pid
    788
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    7
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\lsass.exe
    cmd
    C:\Windows\system32\lsass.exe
    pid
    676
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    6
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\services.exe
    cmd
    C:\Windows\system32\services.exe
    pid
    660
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    5
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\winlogon.exe
    cmd
    winlogon.exe
    pid
    616
    parent_proc
    15
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    4
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\csrss.exe
    cmd
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    pid
    532
    parent_proc
    15
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    3
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\wininit.exe
    cmd
    wininit.exe
    pid
    524
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    2
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\csrss.exe
    cmd
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    pid
    448
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    1
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\smss.exe
    cmd
    \SystemRoot\System32\smss.exe
    pid
    360
    orig
    true
    status
    0x00000000
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    80
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\RaiseExceptionOnPossibleDeadlock
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Segment Heap
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Segment Heap
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    80
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
  • File Read
    proc
    80
    path
    C:\Windows
    op
    Unknown
    status
    0x00000000
  • File Read
    proc
    80
    path
    C:\Windows
    op
    OpenRead
    status
    0x00000000
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\Software\Microsoft\Wow64\x86
  • Registry Read
    proc
    80
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SOFTWARE\Microsoft\Wow64\x86\073c36763e37966ab3a0021e8baba350N.exe
  • Registry Read
    proc
    80
    op
    QueryValueKey
    status
    0x00000000
    path
    HKLM\SOFTWARE\Microsoft\Wow64\x86\
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    80
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\RaiseExceptionOnPossibleDeadlock
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Segment Heap
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Segment Heap
  • Registry Read
    proc
    80
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
