SecondWrite DeepView - d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe

reg.exe 2824 2560

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142699.19		GetSystemTimeAsFileTime		Status SUCCESS
1602142699.19		SetUnhandledExceptionFilter		Status FAILURE
1602142699.21		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142699.21	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142699.21		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142699.21		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142699.21		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142699.21		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2824 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008a0000"	Status SUCCESS
1602142699.21	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142699.21		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2916 2768

Time	Repeat	API	Arguments	Result
1602142699.27		NtOpenFile	file_handle: "0x0000003c" filepath: "C:\" desired_access: "0x00100000" filepath_r: "\??\C:\" status_info: 1 open_options: 16417 share_access: 0	Status SUCCESS
1602142699.27		NtQueryInformationFile	file_handle: "0x0000003c" information_class: 9	Status SUCCESS
1602142699.27		NtClose	handle: "0x0000003c"	Status SUCCESS
1602142699.27	11	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd71b48" module_address: "0x7dd60000" module: "kernel32" function_name: "GetEnvironmentVariableW"	Status SUCCESS
1602142699.29		GetSystemTimeAsFileTime		Status SUCCESS
1602142699.29	2	GetSystemInfo	processor_count: 1	Status SUCCESS
1602142699.29		LdrLoadDll	module_name: "ws2_32.dll" basename: "ws2_32" module_address: "0x41ac0000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142699.29		LdrGetProcedureAddress	ordinal: 0 function_address: "0x41ac6989" module_address: "0x41ac0000" module: "ws2_32" function_name: "select"	Status SUCCESS
1602142699.29		NtOpenKey	key_handle: "0x00000044" desired_access: "0x00020019" regkey: "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server"	Status SUCCESS
1602142699.29		NtQueryValueKey	key_handle: "0x00000044" key_name: "" value: "" reg_type: 0 information_class: 2 regkey: "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\TSAppCompat"	Return Value 3221225524 Status FAILURE

reg.exe 2952 2560

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142699.3		GetSystemTimeAsFileTime		Status SUCCESS
1602142699.3		SetUnhandledExceptionFilter		Status FAILURE
1602142699.3		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142699.3	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142699.3		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142699.3		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142699.3		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142699.3		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2952 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007c0000"	Status SUCCESS
1602142699.3	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142699.3		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3016 2560

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142699.38	GetSystemTimeAsFileTime		Status SUCCESS
1602142699.38	SetUnhandledExceptionFilter		Status FAILURE
1602142699.38	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142699.38	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142699.38	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142699.38	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142699.38	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142699.38	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142699.38	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142699.38	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 340 entries

Previous1 2 3 4 5…34Next

reg.exe 2864 2560

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142699.49		GetSystemTimeAsFileTime		Status SUCCESS
1602142699.49		SetUnhandledExceptionFilter		Status FAILURE
1602142699.49		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142699.49	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142699.49		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142699.49		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142699.49		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142699.49		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2864 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x009b0000"	Status SUCCESS
1602142699.49	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142699.49		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 2132 3016

Time	API	Arguments	Result
1602142699.58	GetSystemTimeAsFileTime		Status SUCCESS
1602142699.58	NtClose	handle: "0x00000098"	Status SUCCESS
1602142699.58	NtOpenKey	key_handle: "0x00000098" desired_access: "0x00020019" regkey: "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale"	Status SUCCESS
1602142699.58	NtQueryValueKey	key_handle: "0x00000098" key_name: "" value: "" reg_type: 0 information_class: 1 regkey: "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US"	Return Value 3221225524 Status FAILURE
1602142699.58	NtClose	handle: "0x00000098"	Status SUCCESS
1602142699.58	NtOpenKey	key_handle: "0x00000098" desired_access: "0x00020019" regkey: "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale"	Status SUCCESS
1602142699.58	NtQueryValueKey	key_handle: "0x00000098" key_name: "" value: "" reg_type: 0 information_class: 1 regkey: "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US"	Return Value 3221225524 Status FAILURE
1602142699.58	NtClose	handle: "0x00000098"	Status SUCCESS
1602142699.58	LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142699.58	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS

cmd.exe 2176 2916

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142700.08	GetSystemTimeAsFileTime		Status SUCCESS
1602142700.08	SetUnhandledExceptionFilter		Status FAILURE
1602142700.08	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142700.08	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142700.08	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142700.08	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142700.08	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142700.08	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142700.08	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142700.08	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 1036 2916

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142700.3		GetSystemTimeAsFileTime		Status SUCCESS
1602142700.3		SetUnhandledExceptionFilter		Status FAILURE
1602142700.3		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142700.3	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142700.3		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142700.3		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142700.3		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142700.32		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1036 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008d0000"	Status SUCCESS
1602142700.32	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142700.32		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2400 2176

Time	Repeat	API	Arguments	Result
1602142700.46		NtOpenFile	file_handle: "0x0000003c" filepath: "C:\" desired_access: "0x00100000" filepath_r: "\??\C:\" status_info: 1 open_options: 16417 share_access: 0	Status SUCCESS
1602142700.46		NtQueryInformationFile	file_handle: "0x0000003c" information_class: 9	Status SUCCESS
1602142700.46		NtClose	handle: "0x0000003c"	Status SUCCESS
1602142700.46	59	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd711c0" module_address: "0x7dd60000" module: "kernel32" function_name: "GetLastError"	Status SUCCESS
1602142700.47		GetSystemTimeAsFileTime		Status SUCCESS
1602142700.47	2	GetSystemInfo	processor_count: 1	Status SUCCESS
1602142700.47		LdrLoadDll	module_name: "ws2_32.dll" basename: "ws2_32" module_address: "0x41ac0000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142700.47		LdrGetProcedureAddress	ordinal: 0 function_address: "0x41ac3ab2" module_address: "0x41ac0000" module: "ws2_32" function_name: "WSAStartup"	Status SUCCESS
1602142700.47		NtOpenKey	key_handle: "0x00000044" desired_access: "0x00020019" regkey: "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server"	Status SUCCESS
1602142700.47		NtQueryValueKey	key_handle: "0x00000044" key_name: "" value: "" reg_type: 0 information_class: 2 regkey: "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\TSAppCompat"	Return Value 3221225524 Status FAILURE

reg.exe 2432 2916

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142700.53		GetSystemTimeAsFileTime		Status SUCCESS
1602142700.53		SetUnhandledExceptionFilter		Status FAILURE
1602142700.53		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142700.53	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142700.53		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142700.53		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142700.53		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142700.53		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2432 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00800000"	Status SUCCESS
1602142700.53	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142700.53		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1880 2916

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142700.66		GetSystemTimeAsFileTime		Status SUCCESS
1602142700.66		SetUnhandledExceptionFilter		Status FAILURE
1602142700.66		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142700.66	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142700.66		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142700.66		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142700.66		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142700.66		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1880 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142700.66	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142700.66		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2616 2916

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142700.78	GetSystemTimeAsFileTime		Status SUCCESS
1602142700.78	SetUnhandledExceptionFilter		Status FAILURE
1602142700.78	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142700.78	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142700.78	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142700.78	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142700.78	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142700.78	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142700.78	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142700.78	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 2928 2616

cmd.exe 2872 2400

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142701.92	GetSystemTimeAsFileTime		Status SUCCESS
1602142701.92	SetUnhandledExceptionFilter		Status FAILURE
1602142701.92	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142701.92	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142701.92	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142701.92	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142701.92	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142701.92	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142701.92	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142701.92	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3044 2400

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142702.55		GetSystemTimeAsFileTime		Status SUCCESS
1602142702.55		SetUnhandledExceptionFilter		Status FAILURE
1602142702.55		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142702.55	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142702.55		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142702.55		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142702.55		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142702.55		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3044 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142702.55	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142702.55		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2884 2872

reg.exe 2084 2400

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142702.69		GetSystemTimeAsFileTime		Status SUCCESS
1602142702.69		SetUnhandledExceptionFilter		Status FAILURE
1602142702.69		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142702.69	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142702.69		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142702.69		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142702.69		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142702.69		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2084 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007d0000"	Status SUCCESS
1602142702.69	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142702.69		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1908 2400

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142703.41		GetSystemTimeAsFileTime		Status SUCCESS
1602142703.41		SetUnhandledExceptionFilter		Status FAILURE
1602142703.41		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142703.41	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142703.41		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142703.41		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142703.41		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142703.41		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1908 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008c0000"	Status SUCCESS
1602142703.41	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142703.41		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 1412 2400

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142703.75	GetSystemTimeAsFileTime		Status SUCCESS
1602142703.75	SetUnhandledExceptionFilter		Status FAILURE
1602142703.75	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142703.75	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142703.75	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142703.75	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142703.75	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142703.75	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142703.75	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142703.75	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 2376 2884

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142703.9	GetSystemTimeAsFileTime		Status SUCCESS
1602142703.9	SetUnhandledExceptionFilter		Status FAILURE
1602142703.9	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142703.9	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142703.9	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142703.9	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142703.9	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142703.9	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142703.9	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142703.9	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 2284 2884

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142704.28		GetSystemTimeAsFileTime		Status SUCCESS
1602142704.29		SetUnhandledExceptionFilter		Status FAILURE
1602142704.29		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142704.29	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142704.29		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142704.34		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142704.34		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142704.34		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2284 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007c0000"	Status SUCCESS
1602142704.34	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142704.34		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 2540 1412

reg.exe 2344 2884

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142705.12		GetSystemTimeAsFileTime		Status SUCCESS
1602142705.17		SetUnhandledExceptionFilter		Status FAILURE
1602142705.18		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142705.18	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142705.18		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142705.18		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142705.18		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142705.18		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2344 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142705.7	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142705.7		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2784 2376

reg.exe 2068 2884

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142710.0		GetSystemTimeAsFileTime		Status SUCCESS
1602142710.0		SetUnhandledExceptionFilter		Status FAILURE
1602142710.05		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142710.05	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142710.05		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142710.05		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142710.05		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142710.05		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2068 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142710.07	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142710.07		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2984 2884

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142710.5	GetSystemTimeAsFileTime		Status SUCCESS
1602142710.66	SetUnhandledExceptionFilter		Status FAILURE
1602142710.66	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142710.66	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142710.66	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142710.66	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142710.66	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142710.66	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142710.66	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142710.66	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 564 2784

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142710.5	GetSystemTimeAsFileTime		Status SUCCESS
1602142710.85	SetUnhandledExceptionFilter		Status FAILURE
1602142710.85	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142710.85	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142710.85	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142710.85	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142710.85	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142710.85	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142710.85	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142710.85	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 1832 2784

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142712.31		GetSystemTimeAsFileTime		Status SUCCESS
1602142712.31		SetUnhandledExceptionFilter		Status FAILURE
1602142712.31		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142712.31	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142712.31		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142712.31		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142712.31		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142712.31		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1832 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00870000"	Status SUCCESS
1602142712.31	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142712.31		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 2124 2984

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 1856 564

reg.exe 2156 2784

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142714.86		GetSystemTimeAsFileTime		Status SUCCESS
1602142714.86		SetUnhandledExceptionFilter		Status FAILURE
1602142714.86		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142714.86	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142714.86		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142714.87		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142714.87		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142714.87		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2156 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142714.87	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142714.87		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2356 2784

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142715.85		GetSystemTimeAsFileTime		Status SUCCESS
1602142715.85		SetUnhandledExceptionFilter		Status FAILURE
1602142715.85		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142715.85	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142715.85		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142715.85		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142715.85		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142715.85		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2356 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00950000"	Status SUCCESS
1602142715.85	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142715.85		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2412 1856

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142717.45	GetSystemTimeAsFileTime		Status SUCCESS
1602142717.49	SetUnhandledExceptionFilter		Status FAILURE
1602142717.49	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142717.49	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142717.49	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142717.49	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142717.51	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142717.51	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142717.51	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142717.51	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cmd.exe 2380 2784

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142717.46	GetSystemTimeAsFileTime		Status SUCCESS
1602142717.48	SetUnhandledExceptionFilter		Status FAILURE
1602142717.48	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142717.48	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142717.48	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142717.48	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142717.48	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142717.48	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142717.48	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142717.48	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

reg.exe 2556 1856

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142718.51		GetSystemTimeAsFileTime		Status SUCCESS
1602142718.51		SetUnhandledExceptionFilter		Status FAILURE
1602142718.51		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142718.52	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142718.52		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142718.52		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142718.52		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142718.52		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2556 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142718.52	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142718.52		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 2900 2380

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2168 2412

reg.exe 2816 1856

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142722.11		GetSystemTimeAsFileTime		Status SUCCESS
1602142722.11		SetUnhandledExceptionFilter		Status FAILURE
1602142722.11		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142722.11	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142722.11		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142722.11		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142722.11		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142722.11		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2816 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008e0000"	Status SUCCESS
1602142722.11	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142722.13		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2896 1856

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142722.72		GetSystemTimeAsFileTime		Status SUCCESS
1602142722.72		SetUnhandledExceptionFilter		Status FAILURE
1602142722.72		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142722.72	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142722.72		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142722.72		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142722.72		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142722.72		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2896 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00900000"	Status SUCCESS
1602142722.72	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142722.73		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3036 1856

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142723.33	GetSystemTimeAsFileTime		Status SUCCESS
1602142723.33	SetUnhandledExceptionFilter		Status FAILURE
1602142723.33	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142723.33	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142723.33	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142723.33	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142723.33	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142723.33	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142723.33	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142723.33	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 2088 2168

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142724.68	GetSystemTimeAsFileTime		Status SUCCESS
1602142724.68	SetUnhandledExceptionFilter		Status FAILURE
1602142724.68	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142724.68	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142724.68	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142724.68	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142724.68	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142724.68	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142724.68	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142724.68	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cscript.exe 1248 3036

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2296 2088

reg.exe 2320 2168

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142726.28		GetSystemTimeAsFileTime		Status SUCCESS
1602142726.28		SetUnhandledExceptionFilter		Status FAILURE
1602142726.28		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142726.28	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142726.28		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142726.28		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142726.28		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142726.28		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2320 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00a20000"	Status SUCCESS
1602142726.28	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142726.28		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1884 2168

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142725.17		GetSystemTimeAsFileTime		Status SUCCESS
1602142725.17		SetUnhandledExceptionFilter		Status FAILURE
1602142725.17		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142725.17	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142725.17		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142725.17		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142725.17		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142725.17		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1884 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142725.17	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142725.17		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2944 2168

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142725.21		GetSystemTimeAsFileTime		Status SUCCESS
1602142725.21		SetUnhandledExceptionFilter		Status FAILURE
1602142725.21		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142725.21	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142725.21		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142725.21		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142725.21		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142725.21		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2944 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007d0000"	Status SUCCESS
1602142725.23	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142725.23		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2436 2168

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142727.12	GetSystemTimeAsFileTime		Status SUCCESS
1602142727.12	SetUnhandledExceptionFilter		Status FAILURE
1602142727.12	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142727.12	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142727.12	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142727.12	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142727.12	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142727.12	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142727.12	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142727.12	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 323 entries

cmd.exe 1144 2296

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142728.27	GetSystemTimeAsFileTime		Status SUCCESS
1602142728.27	SetUnhandledExceptionFilter		Status FAILURE
1602142728.27	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142728.27	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142728.27	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142728.27	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142728.27	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142728.27	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142728.27	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142728.27	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cscript.exe 1900 2436

reg.exe 2532 2296

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142728.61		GetSystemTimeAsFileTime		Status SUCCESS
1602142728.61		SetUnhandledExceptionFilter		Status FAILURE
1602142728.61		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142728.61	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142728.61		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142728.61		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142728.61		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142728.61		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2532 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008d0000"	Status SUCCESS
1602142728.61	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142728.61		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1608 2296

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142728.83		GetSystemTimeAsFileTime		Status SUCCESS
1602142728.83		SetUnhandledExceptionFilter		Status FAILURE
1602142728.83		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142728.83	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142728.85		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142728.85		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142728.85		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142728.85		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1608 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00a20000"	Status SUCCESS
1602142728.85	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142728.85		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 1340 1144

reg.exe 1068 2296

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142729.32		GetSystemTimeAsFileTime		Status SUCCESS
1602142729.32		SetUnhandledExceptionFilter		Status FAILURE
1602142729.32		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142729.32	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142729.32		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142729.32		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142729.32		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142729.32		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1068 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007b0000"	Status SUCCESS
1602142729.32	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142729.32		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2920 2296

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142729.32	GetSystemTimeAsFileTime		Status SUCCESS
1602142729.32	SetUnhandledExceptionFilter		Status FAILURE
1602142729.32	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142729.32	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142729.33	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142729.33	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142729.33	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142729.33	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142729.33	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142729.33	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 1788 2920

cmd.exe 2468 1340

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142730.95	GetSystemTimeAsFileTime		Status SUCCESS
1602142730.95	SetUnhandledExceptionFilter		Status FAILURE
1602142730.95	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142730.95	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142730.95	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142730.95	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142730.97	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142730.97	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142730.97	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142730.97	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 848 1340

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142731.31		GetSystemTimeAsFileTime		Status SUCCESS
1602142731.31		SetUnhandledExceptionFilter		Status FAILURE
1602142731.31		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142731.31	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142731.31		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142731.33		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142731.33		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142731.33		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 848 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00800000"	Status SUCCESS
1602142731.33	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142731.33		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1792 1340

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142732.95		GetSystemTimeAsFileTime		Status SUCCESS
1602142732.95		SetUnhandledExceptionFilter		Status FAILURE
1602142732.95		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142732.95	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142732.95		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142732.95		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142732.95		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142732.95		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1792 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142732.95	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142732.95		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2620 2468

reg.exe 1736 1340

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142733.92		GetSystemTimeAsFileTime		Status SUCCESS
1602142733.92		SetUnhandledExceptionFilter		Status FAILURE
1602142733.92		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142733.92	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142733.92		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142733.92		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142733.92		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142733.92		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1736 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007a0000"	Status SUCCESS
1602142733.92	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142733.92		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2972 1340

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142734.03	GetSystemTimeAsFileTime		Status SUCCESS
1602142734.03	SetUnhandledExceptionFilter		Status FAILURE
1602142734.03	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142734.03	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142734.03	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142734.03	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142734.03	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142734.03	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142734.03	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142734.03	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 2968 2620

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142734.23	GetSystemTimeAsFileTime		Status SUCCESS
1602142734.23	SetUnhandledExceptionFilter		Status FAILURE
1602142734.23	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142734.23	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142734.23	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142734.23	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142734.23	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142734.23	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142734.23	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142734.23	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cscript.exe 664 2972

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2012 2968

reg.exe 2568 2620

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142738.29		GetSystemTimeAsFileTime		Status SUCCESS
1602142738.29		SetUnhandledExceptionFilter		Status FAILURE
1602142738.29		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142738.29	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142738.29		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142738.29		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142738.29		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142738.29		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2568 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007e0000"	Status SUCCESS
1602142738.29	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142738.29		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2840 2620

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142739.08		GetSystemTimeAsFileTime		Status SUCCESS
1602142739.08		SetUnhandledExceptionFilter		Status FAILURE
1602142739.08		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142739.1	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142739.1		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142739.1		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142739.1		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142739.1		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2840 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142739.1	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142739.1		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 1368 2012

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142740.35	GetSystemTimeAsFileTime		Status SUCCESS
1602142740.35	SetUnhandledExceptionFilter		Status FAILURE
1602142740.35	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142740.35	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142740.35	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142740.35	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142740.36	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142740.36	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142740.36	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142740.36	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 1360 2620

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142740.49		GetSystemTimeAsFileTime		Status SUCCESS
1602142740.49		SetUnhandledExceptionFilter		Status FAILURE
1602142740.49		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142740.49	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142740.49		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142740.49		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142740.49		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142740.49		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1360 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00920000"	Status SUCCESS
1602142740.49	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142740.49		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 876 2620

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142740.55	GetSystemTimeAsFileTime		Status SUCCESS
1602142740.55	SetUnhandledExceptionFilter		Status FAILURE
1602142740.55	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142740.55	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142740.56	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142740.56	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142740.56	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142740.56	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142740.56	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142740.56	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 337 entries

Previous1 2 3 4 5…34Next

reg.exe 1948 2012

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142740.64		GetSystemTimeAsFileTime		Status SUCCESS
1602142740.64		SetUnhandledExceptionFilter		Status FAILURE
1602142740.66		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142740.66	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142740.66		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142740.66		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142740.66		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142740.66		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1948 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007d0000"	Status SUCCESS
1602142740.66	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142740.66		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1252 2012

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142740.83		GetSystemTimeAsFileTime		Status SUCCESS
1602142740.83		SetUnhandledExceptionFilter		Status FAILURE
1602142740.83		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142740.83	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142740.83		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142740.83		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142740.83		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142740.83		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1252 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00810000"	Status SUCCESS
1602142740.83	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142740.83		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 1232 1368

reg.exe 2172 2012

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142741.83		GetSystemTimeAsFileTime		Status SUCCESS
1602142741.83		SetUnhandledExceptionFilter		Status FAILURE
1602142741.83		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142741.83	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142741.83		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142741.83		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142741.83		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142741.83		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2172 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00830000"	Status SUCCESS
1602142741.84	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142741.84		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 2136 876

cmd.exe 2204 2012

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142743.67	GetSystemTimeAsFileTime		Status SUCCESS
1602142743.67	SetUnhandledExceptionFilter		Status FAILURE
1602142743.67	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142743.68	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142743.68	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142743.68	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142743.68	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142743.68	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142743.68	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142743.68	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 1612 1232

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142744.7	GetSystemTimeAsFileTime		Status SUCCESS
1602142744.7	SetUnhandledExceptionFilter		Status FAILURE
1602142744.7	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142744.7	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142744.7	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142744.7	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142744.7	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142744.7	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142744.7	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142744.7	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cscript.exe 2772 2204

reg.exe 3040 1232

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142745.98		GetSystemTimeAsFileTime		Status SUCCESS
1602142745.98		SetUnhandledExceptionFilter		Status FAILURE
1602142745.98		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142745.98	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142745.98		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142746.15		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142746.15		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142746.15		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3040 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142746.15	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142746.15		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2076 1612

reg.exe 2988 1232

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142746.49		GetSystemTimeAsFileTime		Status SUCCESS
1602142746.49		SetUnhandledExceptionFilter		Status FAILURE
1602142746.49		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142746.49	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142746.49		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142746.49		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142746.49		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142746.49		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2988 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142746.49	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142746.49		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2064 1232

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142748.01		GetSystemTimeAsFileTime		Status SUCCESS
1602142748.01		SetUnhandledExceptionFilter		Status FAILURE
1602142748.01		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142748.01	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142748.01		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142748.01		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142748.01		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142748.01		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2064 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00850000"	Status SUCCESS
1602142748.01	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142748.01		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2164 1232

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142748.21	GetSystemTimeAsFileTime		Status SUCCESS
1602142748.21	SetUnhandledExceptionFilter		Status FAILURE
1602142748.21	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142748.21	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142748.22	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142748.22	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142748.22	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142748.22	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142748.22	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142748.22	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 2564 2076

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142748.38	GetSystemTimeAsFileTime		Status SUCCESS
1602142748.38	SetUnhandledExceptionFilter		Status FAILURE
1602142748.38	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142748.38	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142748.4	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142748.4	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142748.4	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142748.4	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142748.4	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142748.4	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 1940 2076

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142749.64		GetSystemTimeAsFileTime		Status SUCCESS
1602142749.64		SetUnhandledExceptionFilter		Status FAILURE
1602142749.64		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142749.64	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142749.64		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142749.64		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142749.64		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142749.64		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1940 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007b0000"	Status SUCCESS
1602142749.64	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142749.64		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3000 2564

cscript.exe 2324 2164

reg.exe 680 2076

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142751.11		GetSystemTimeAsFileTime		Status SUCCESS
1602142751.11		SetUnhandledExceptionFilter		Status FAILURE
1602142751.11		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142751.11	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142751.11		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142751.11		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142751.11		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142751.11		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 680 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142751.11	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142751.11		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1648 2076

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142754.01		GetSystemTimeAsFileTime		Status SUCCESS
1602142754.01		SetUnhandledExceptionFilter		Status FAILURE
1602142754.01		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142754.01	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142754.01		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142754.57		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142754.59		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142754.59		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1648 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142754.59	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142754.59		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2848 3000

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142754.54	GetSystemTimeAsFileTime		Status SUCCESS
1602142754.54	SetUnhandledExceptionFilter		Status FAILURE
1602142754.54	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142754.54	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142754.54	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142754.54	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142754.54	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142754.54	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142754.54	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142754.54	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cmd.exe 2472 2076

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142755.74	GetSystemTimeAsFileTime		Status SUCCESS
1602142755.74	SetUnhandledExceptionFilter		Status FAILURE
1602142755.74	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142755.74	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142755.74	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142755.74	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142755.74	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142755.74	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142755.74	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142755.74	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

reg.exe 760 3000

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142756.13		GetSystemTimeAsFileTime		Status SUCCESS
1602142756.13		SetUnhandledExceptionFilter		Status FAILURE
1602142756.13		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142756.13	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142756.13		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142756.13		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142756.13		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142756.13		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 760 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142756.13	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142756.13		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2868 2848

reg.exe 912 3000

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142758.21		GetSystemTimeAsFileTime		Status SUCCESS
1602142758.21		SetUnhandledExceptionFilter		Status FAILURE
1602142758.21		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142758.21	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142758.21		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142758.21		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142758.21		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142758.21		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 912 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007a0000"	Status SUCCESS
1602142758.21	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142758.21		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 2804 2472

reg.exe 852 3000

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142758.6		GetSystemTimeAsFileTime		Status SUCCESS
1602142758.6		SetUnhandledExceptionFilter		Status FAILURE
1602142758.6		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142758.6	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142758.6		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142758.6		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142758.6		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142758.6		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 852 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008e0000"	Status SUCCESS
1602142758.6	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142758.6		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3176 2868

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142760.47	GetSystemTimeAsFileTime		Status SUCCESS
1602142760.47	SetUnhandledExceptionFilter		Status FAILURE
1602142760.47	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142760.47	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142760.47	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142760.47	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142760.47	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142760.47	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142760.47	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142760.47	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cmd.exe 3144 3000

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142761.11	GetSystemTimeAsFileTime		Status SUCCESS
1602142761.11	SetUnhandledExceptionFilter		Status FAILURE
1602142761.11	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142761.11	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142761.11	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142761.11	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142761.11	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142761.11	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142761.11	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142761.11	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

reg.exe 3248 2868

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142761.48		GetSystemTimeAsFileTime		Status SUCCESS
1602142761.48		SetUnhandledExceptionFilter		Status FAILURE
1602142761.51		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142761.51	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142761.51		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142761.51		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142761.51		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142761.51		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3248 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008e0000"	Status SUCCESS
1602142761.51	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142761.51		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3372 2868

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142762.83		GetSystemTimeAsFileTime		Status SUCCESS
1602142762.83		SetUnhandledExceptionFilter		Status FAILURE
1602142762.83		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142762.83	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142762.83		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142762.83		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142762.83		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142762.83		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3372 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142762.83	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142762.83		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3476 3176

cscript.exe 3516 3144

reg.exe 3548 2868

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142763.12		GetSystemTimeAsFileTime		Status SUCCESS
1602142763.12		SetUnhandledExceptionFilter		Status FAILURE
1602142763.12		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142763.12	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142763.12		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142763.14		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142763.14		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142763.14		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3548 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142763.14	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142763.14		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3700 2868

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142764.67	GetSystemTimeAsFileTime		Status SUCCESS
1602142764.67	SetUnhandledExceptionFilter		Status FAILURE
1602142764.67	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142764.67	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142764.67	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142764.67	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142764.67	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142764.67	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142764.67	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142764.67	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 3780 3700

cmd.exe 3896 3476

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142769.64	GetSystemTimeAsFileTime		Status SUCCESS
1602142769.64	SetUnhandledExceptionFilter		Status FAILURE
1602142769.64	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142769.64	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142769.64	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142769.64	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142769.64	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142769.64	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142769.64	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142769.64	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3948 3476

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142770.49		GetSystemTimeAsFileTime		Status SUCCESS
1602142770.49		SetUnhandledExceptionFilter		Status FAILURE
1602142770.49		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142770.49	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142770.49		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142770.5		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142770.5		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142770.5		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3948 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142770.5	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142770.5		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3988 3896

reg.exe 4008 3476

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142771.34		GetSystemTimeAsFileTime		Status SUCCESS
1602142771.34		SetUnhandledExceptionFilter		Status FAILURE
1602142771.34		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142771.34	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142771.34		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142771.34		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142771.34		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142771.34		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4008 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142771.34	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142771.34		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4092 3476

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142772.12		GetSystemTimeAsFileTime		Status SUCCESS
1602142772.12		SetUnhandledExceptionFilter		Status FAILURE
1602142772.12		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142772.12	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142772.12		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142772.12		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142772.12		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142772.12		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4092 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007f0000"	Status SUCCESS
1602142772.14	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142772.14		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2092 3476

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142772.9	GetSystemTimeAsFileTime		Status SUCCESS
1602142772.9	SetUnhandledExceptionFilter		Status FAILURE
1602142772.9	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142772.9	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142772.9	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142772.9	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142772.9	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142772.9	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142772.9	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142772.9	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 3100 3988

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142773.04	GetSystemTimeAsFileTime		Status SUCCESS
1602142773.04	SetUnhandledExceptionFilter		Status FAILURE
1602142773.04	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142773.04	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142773.04	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142773.04	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142773.04	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142773.04	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142773.04	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142773.04	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3260 3988

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142773.89		GetSystemTimeAsFileTime		Status SUCCESS
1602142773.89		SetUnhandledExceptionFilter		Status FAILURE
1602142773.89		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142773.89	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142773.89		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142773.89		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142773.89		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142773.89		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3260 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142773.89	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142773.89		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 1740 3100

cscript.exe 2652 2092

reg.exe 3312 3988

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142775.32		GetSystemTimeAsFileTime		Status SUCCESS
1602142775.32		SetUnhandledExceptionFilter		Status FAILURE
1602142775.32		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142775.32	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142775.32		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142775.32		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142775.32		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142775.32		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3312 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142775.32	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142775.32		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2244 1740

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142776.65	GetSystemTimeAsFileTime		Status SUCCESS
1602142776.65	SetUnhandledExceptionFilter		Status FAILURE
1602142776.65	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142776.65	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142776.65	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142776.65	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142776.65	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142776.65	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142776.65	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142776.66	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3488 3988

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142776.82		GetSystemTimeAsFileTime		Status SUCCESS
1602142776.82		SetUnhandledExceptionFilter		Status FAILURE
1602142776.82		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142776.82	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142776.82		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142776.82		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142776.83		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142776.83		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3488 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142776.83	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142776.83		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3580 1740

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142776.88		GetSystemTimeAsFileTime		Status SUCCESS
1602142776.88		SetUnhandledExceptionFilter		Status FAILURE
1602142776.88		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142776.88	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142776.88		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142776.88		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142776.88		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142776.88		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3580 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007b0000"	Status SUCCESS
1602142776.88	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142776.88		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 1684 3988

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142776.93	GetSystemTimeAsFileTime		Status SUCCESS
1602142776.93	SetUnhandledExceptionFilter		Status FAILURE
1602142776.93	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142776.93	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142776.93	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142776.93	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142776.93	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142776.93	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142776.93	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142776.93	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3552 2244

reg.exe 3664 1740

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142777.24		GetSystemTimeAsFileTime		Status SUCCESS
1602142777.24		SetUnhandledExceptionFilter		Status FAILURE
1602142777.24		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142777.24	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142777.24		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142777.24		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142777.24		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142777.24		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3664 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142777.24	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142777.24		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 604 1740

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142777.46		GetSystemTimeAsFileTime		Status SUCCESS
1602142777.46		SetUnhandledExceptionFilter		Status FAILURE
1602142777.46		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142777.46	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142777.46		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142777.46		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142777.46		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142777.46		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 604 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142777.46	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142777.46		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 3148 1684

cmd.exe 3332 1740

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142777.61	GetSystemTimeAsFileTime		Status SUCCESS
1602142777.61	SetUnhandledExceptionFilter		Status FAILURE
1602142777.61	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142777.63	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142777.63	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142777.63	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142777.63	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142777.63	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142777.63	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142777.63	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 3856 3552

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142778.44	GetSystemTimeAsFileTime		Status SUCCESS
1602142778.44	SetUnhandledExceptionFilter		Status FAILURE
1602142778.44	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142778.44	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142778.44	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142778.44	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142778.44	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142778.44	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142778.44	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142778.44	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cscript.exe 4024 3332

reg.exe 3980 3552

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142780.0		GetSystemTimeAsFileTime		Status SUCCESS
1602142780.0		SetUnhandledExceptionFilter		Status FAILURE
1602142780.0		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142780.0	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142780.0		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142780.0		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142780.0		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142780.0		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3980 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008e0000"	Status SUCCESS
1602142780.0	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142780.0		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3952 3856

reg.exe 3084 3552

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142780.23		GetSystemTimeAsFileTime		Status SUCCESS
1602142780.23		SetUnhandledExceptionFilter		Status FAILURE
1602142780.23		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142780.23	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142780.23		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142780.23		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142780.23		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142780.23		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3084 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142780.23	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142780.23		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3168 3552

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142780.34		GetSystemTimeAsFileTime		Status SUCCESS
1602142780.34		SetUnhandledExceptionFilter		Status FAILURE
1602142780.34		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142780.34	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142780.34		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142780.34		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142780.34		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142780.34		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3168 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007d0000"	Status SUCCESS
1602142780.34	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142780.34		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3280 3552

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142782.4	GetSystemTimeAsFileTime		Status SUCCESS
1602142782.4	SetUnhandledExceptionFilter		Status FAILURE
1602142782.4	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142782.4	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142782.4	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142782.4	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142782.4	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142782.4	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142782.4	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142782.4	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 328 entries

cscript.exe 796 3280

cmd.exe 2584 3952

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142784.93	GetSystemTimeAsFileTime		Status SUCCESS
1602142784.93	SetUnhandledExceptionFilter		Status FAILURE
1602142784.93	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142784.93	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142784.93	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142784.93	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142784.93	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142784.93	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142784.93	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142784.93	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3408 3952

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142786.8		GetSystemTimeAsFileTime		Status SUCCESS
1602142786.8		SetUnhandledExceptionFilter		Status FAILURE
1602142786.8		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142786.82	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142786.82		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142786.82		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142786.82		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142786.82		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3408 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007d0000"	Status SUCCESS
1602142786.82	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142786.82		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2212 2584

reg.exe 1680 3952

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142787.15		GetSystemTimeAsFileTime		Status SUCCESS
1602142787.15		SetUnhandledExceptionFilter		Status FAILURE
1602142787.15		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142787.15	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142787.15		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142787.15		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142787.16		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142787.16		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1680 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007e0000"	Status SUCCESS
1602142787.16	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142787.16		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3940 3952

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142788.78		GetSystemTimeAsFileTime		Status SUCCESS
1602142788.78		SetUnhandledExceptionFilter		Status FAILURE
1602142788.78		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142788.78	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142788.78		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142788.8		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142788.8		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142788.8		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3940 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142788.8	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142788.8		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3736 3952

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142790.36	GetSystemTimeAsFileTime		Status SUCCESS
1602142790.36	SetUnhandledExceptionFilter		Status FAILURE
1602142790.36	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142790.36	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142790.36	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142790.36	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142790.36	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142790.36	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142790.36	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142790.36	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 3776 2212

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142790.5	GetSystemTimeAsFileTime		Status SUCCESS
1602142790.5	SetUnhandledExceptionFilter		Status FAILURE
1602142790.5	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142790.5	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142790.5	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142790.5	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142790.5	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142790.5	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142790.5	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142790.5	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cscript.exe 3928 3736

reg.exe 3880 2212

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142790.75		GetSystemTimeAsFileTime		Status SUCCESS
1602142790.75		SetUnhandledExceptionFilter		Status FAILURE
1602142790.75		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142790.75	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142790.75		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142790.75		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142790.76		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142790.76		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3880 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007e0000"	Status SUCCESS
1602142790.76	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142790.76		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4088 3776

reg.exe 4028 2212

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142790.84		GetSystemTimeAsFileTime		Status SUCCESS
1602142790.84		SetUnhandledExceptionFilter		Status FAILURE
1602142790.84		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142790.84	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142790.84		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142790.84		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142790.84		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142790.84		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4028 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142790.84	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142790.84		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3112 2212

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142791.19		GetSystemTimeAsFileTime		Status SUCCESS
1602142791.19		SetUnhandledExceptionFilter		Status FAILURE
1602142791.19		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142791.19	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142791.19		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142791.2		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142791.2		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142791.2		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3112 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007f0000"	Status SUCCESS
1602142791.2	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142791.2		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3164 2212

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142791.4	GetSystemTimeAsFileTime		Status SUCCESS
1602142791.4	SetUnhandledExceptionFilter		Status FAILURE
1602142791.4	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142791.4	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142791.4	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142791.4	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142791.4	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142791.4	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142791.4	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142791.4	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 3120 4088

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142791.51	GetSystemTimeAsFileTime		Status SUCCESS
1602142791.51	SetUnhandledExceptionFilter		Status FAILURE
1602142791.51	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142791.51	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142791.51	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142791.51	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142791.51	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142791.51	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142791.51	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142791.51	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3180 4088

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142791.76		GetSystemTimeAsFileTime		Status SUCCESS
1602142791.76		SetUnhandledExceptionFilter		Status FAILURE
1602142791.76		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142791.76	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142791.76		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142791.76		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142791.76		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142791.76		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3180 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007e0000"	Status SUCCESS
1602142791.78	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142791.78		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3228 3120

cscript.exe 3472 3164

reg.exe 544 4088

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142791.97		GetSystemTimeAsFileTime		Status SUCCESS
1602142791.97		SetUnhandledExceptionFilter		Status FAILURE
1602142791.97		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142791.97	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142791.97		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142791.97		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142791.97		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142791.97		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 544 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142791.98	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142791.98		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1688 4088

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142793.61		GetSystemTimeAsFileTime		Status SUCCESS
1602142793.61		SetUnhandledExceptionFilter		Status FAILURE
1602142793.61		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142793.61	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142793.61		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142793.61		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142793.61		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142793.61		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1688 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142793.61	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142793.61		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3612 4088

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142794.56	GetSystemTimeAsFileTime		Status SUCCESS
1602142794.56	SetUnhandledExceptionFilter		Status FAILURE
1602142794.56	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142794.56	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142794.56	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142794.56	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142794.56	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142794.56	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142794.56	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142794.56	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 3428 3228

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142796.6	GetSystemTimeAsFileTime		Status SUCCESS
1602142796.6	SetUnhandledExceptionFilter		Status FAILURE
1602142796.6	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142796.6	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142796.6	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142796.6	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142796.6	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142796.6	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142796.6	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142796.6	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cscript.exe 3956 3612

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4020 3428

reg.exe 4060 3228

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142798.5		GetSystemTimeAsFileTime		Status SUCCESS
1602142798.5		SetUnhandledExceptionFilter		Status FAILURE
1602142798.5		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142798.5	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142798.5		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142798.5		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142798.5		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142798.5		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4060 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007f0000"	Status SUCCESS
1602142798.5	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142798.52		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3932 3228

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142798.56		GetSystemTimeAsFileTime		Status SUCCESS
1602142798.56		SetUnhandledExceptionFilter		Status FAILURE
1602142798.56		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142798.56	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142798.56		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142798.56		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142798.56		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142798.56		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3932 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142798.56	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142798.56		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3268 3228

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142798.55		GetSystemTimeAsFileTime		Status SUCCESS
1602142798.55		SetUnhandledExceptionFilter		Status FAILURE
1602142798.55		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142798.55	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142798.55		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142798.55		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142798.55		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142798.55		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3268 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00850000"	Status SUCCESS
1602142798.55	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142798.55		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3796 3228

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142798.67	GetSystemTimeAsFileTime		Status SUCCESS
1602142798.69	SetUnhandledExceptionFilter		Status FAILURE
1602142798.69	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142798.69	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142798.69	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142798.69	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142798.69	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142798.69	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142798.69	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142798.69	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 328 entries

cscript.exe 748 3796

cmd.exe 1348 4020

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142800.23	GetSystemTimeAsFileTime		Status SUCCESS
1602142800.23	SetUnhandledExceptionFilter		Status FAILURE
1602142800.23	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142800.23	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142800.23	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142800.23	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142800.23	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142800.23	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142800.23	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142800.23	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3536 4020

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142800.36		GetSystemTimeAsFileTime		Status SUCCESS
1602142800.36		SetUnhandledExceptionFilter		Status FAILURE
1602142800.36		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142800.36	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142800.36		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142800.36		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142800.36		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142800.36		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3536 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142800.36	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142800.36		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2148 4020

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142800.37		GetSystemTimeAsFileTime		Status SUCCESS
1602142800.37		SetUnhandledExceptionFilter		Status FAILURE
1602142800.37		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142800.37	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142800.37		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142800.37		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142800.37		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142800.37		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2148 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00890000"	Status SUCCESS
1602142800.37	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142800.37		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1992 4020

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142800.47		GetSystemTimeAsFileTime		Status SUCCESS
1602142800.47		SetUnhandledExceptionFilter		Status FAILURE
1602142800.47		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142800.47	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142800.47		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142800.47		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142800.47		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142800.47		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1992 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007c0000"	Status SUCCESS
1602142800.47	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142800.47		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3716 1348

cmd.exe 3920 4020

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142800.62	GetSystemTimeAsFileTime		Status SUCCESS
1602142800.62	SetUnhandledExceptionFilter		Status FAILURE
1602142800.62	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142800.62	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142800.62	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142800.62	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142800.62	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142800.62	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142800.62	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142800.62	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 3908 3920

cmd.exe 3684 3716

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142805.9	GetSystemTimeAsFileTime		Status SUCCESS
1602142805.9	SetUnhandledExceptionFilter		Status FAILURE
1602142805.9	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142805.9	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142805.9	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142805.9	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142805.9	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142805.9	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142805.9	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142805.9	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3512 3716

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142811.03		GetSystemTimeAsFileTime		Status SUCCESS
1602142811.03		SetUnhandledExceptionFilter		Status FAILURE
1602142811.09		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142811.09	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142811.09		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142811.09		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142811.09		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142811.09		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3512 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00830000"	Status SUCCESS
1602142811.09	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142811.09		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 1892 3684

reg.exe 1808 3716

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142811.23		GetSystemTimeAsFileTime		Status SUCCESS
1602142811.23		SetUnhandledExceptionFilter		Status FAILURE
1602142811.23		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142811.23	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142811.23		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142811.23		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142811.23		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142811.23		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1808 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142811.23	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142811.23		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1816 3716

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142814.04		GetSystemTimeAsFileTime		Status SUCCESS
1602142814.04		SetUnhandledExceptionFilter		Status FAILURE
1602142814.04		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142814.04	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142814.04		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142814.04		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142814.04		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142814.04		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1816 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008c0000"	Status SUCCESS
1602142814.04	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142814.04		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3528 3716

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142816.55	GetSystemTimeAsFileTime		Status SUCCESS
1602142816.55	SetUnhandledExceptionFilter		Status FAILURE
1602142816.55	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142816.55	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142816.55	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142816.55	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142816.55	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142816.55	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142816.55	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142816.55	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 2456 3528

cmd.exe 1476 1892

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142828.25	GetSystemTimeAsFileTime		Status SUCCESS
1602142828.25	SetUnhandledExceptionFilter		Status FAILURE
1602142828.25	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142828.25	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142828.25	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142828.25	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142828.25	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142828.25	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142828.25	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142828.25	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2528 1476

reg.exe 3728 1892

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142830.56		GetSystemTimeAsFileTime		Status SUCCESS
1602142830.56		SetUnhandledExceptionFilter		Status FAILURE
1602142830.56		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142830.56	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142830.56		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142830.56		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142830.56		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142830.56		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3728 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007c0000"	Status SUCCESS
1602142830.56	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142830.56		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3976 1892

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142834.38		GetSystemTimeAsFileTime		Status SUCCESS
1602142834.38		SetUnhandledExceptionFilter		Status FAILURE
1602142834.38		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142834.38	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142834.38		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142834.4		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142834.4		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142834.4		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3976 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00840000"	Status SUCCESS
1602142834.4	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142834.4		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3704 1892

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142836.38		GetSystemTimeAsFileTime		Status SUCCESS
1602142836.38		SetUnhandledExceptionFilter		Status FAILURE
1602142836.4		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142836.4	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142836.4		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142836.4		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142836.4		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142836.4		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3704 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142836.4	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142836.4		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3080 1892

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142836.55	GetSystemTimeAsFileTime		Status SUCCESS
1602142836.55	SetUnhandledExceptionFilter		Status FAILURE
1602142836.55	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142836.58	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142836.61	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142836.61	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142836.61	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142836.61	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142836.61	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142836.61	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 4032 3080

cmd.exe 3116 2528

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142837.35	GetSystemTimeAsFileTime		Status SUCCESS
1602142837.35	SetUnhandledExceptionFilter		Status FAILURE
1602142837.35	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142837.35	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142837.35	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142837.35	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142837.35	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142837.35	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142837.35	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142837.35	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3764 2528

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142837.49		GetSystemTimeAsFileTime		Status SUCCESS
1602142837.49		SetUnhandledExceptionFilter		Status FAILURE
1602142837.49		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142837.49	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142837.49		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142837.49		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142837.49		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142837.49		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3764 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007a0000"	Status SUCCESS
1602142837.49	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142837.49		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2492 2528

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142837.6		GetSystemTimeAsFileTime		Status SUCCESS
1602142837.6		SetUnhandledExceptionFilter		Status FAILURE
1602142837.6		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142837.6	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142837.6		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142837.6		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142837.6		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142837.6		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2492 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00830000"	Status SUCCESS
1602142837.6	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142837.6		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 1896 3116

reg.exe 3996 2528

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142837.77		GetSystemTimeAsFileTime		Status SUCCESS
1602142837.77		SetUnhandledExceptionFilter		Status FAILURE
1602142837.77		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142837.77	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142837.77		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142837.77		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142837.77		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142837.77		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3996 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142837.77	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142837.77		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 1672 2528

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142837.69	GetSystemTimeAsFileTime		Status SUCCESS
1602142837.69	SetUnhandledExceptionFilter		Status FAILURE
1602142837.69	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142837.69	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142837.69	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142837.69	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142837.69	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142837.69	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142837.69	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142837.69	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 1716 1672

cmd.exe 1536 1896

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142838.24	GetSystemTimeAsFileTime		Status SUCCESS
1602142838.24	SetUnhandledExceptionFilter		Status FAILURE
1602142838.24	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142838.24	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142838.24	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142838.24	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142838.24	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142838.24	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142838.24	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142838.24	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4012 1896

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142838.31		GetSystemTimeAsFileTime		Status SUCCESS
1602142838.31		SetUnhandledExceptionFilter		Status FAILURE
1602142838.31		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142838.31	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142838.31		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142838.31		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142838.31		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142838.31		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4012 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008a0000"	Status SUCCESS
1602142838.31	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142838.31		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3836 1896

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142838.35		GetSystemTimeAsFileTime		Status SUCCESS
1602142838.35		SetUnhandledExceptionFilter		Status FAILURE
1602142838.35		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142838.35	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142838.35		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142838.35		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142838.35		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142838.35		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3836 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00800000"	Status SUCCESS
1602142838.35	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142838.35		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3456 1896

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142838.41		GetSystemTimeAsFileTime		Status SUCCESS
1602142838.41		SetUnhandledExceptionFilter		Status FAILURE
1602142838.41		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142838.41	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142838.41		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142838.41		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142838.41		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142838.41		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3456 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142838.41	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142838.41		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3500 1896

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142838.44	GetSystemTimeAsFileTime		Status SUCCESS
1602142838.44	SetUnhandledExceptionFilter		Status FAILURE
1602142838.44	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142838.44	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142838.44	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142838.44	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142838.44	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142838.44	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142838.44	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142838.44	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3128 1536

cscript.exe 3752 3500

cmd.exe 860 3128

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142838.97	GetSystemTimeAsFileTime		Status SUCCESS
1602142838.97	SetUnhandledExceptionFilter		Status FAILURE
1602142838.97	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142838.97	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142838.97	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142838.97	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142838.97	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142838.97	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142838.97	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142838.97	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 600 3128

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142839.08		GetSystemTimeAsFileTime		Status SUCCESS
1602142839.08		SetUnhandledExceptionFilter		Status FAILURE
1602142839.08		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142839.08	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142839.08		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142839.08		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142839.08		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142839.08		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 600 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142839.08	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142839.08		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3784 3128

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142839.16		GetSystemTimeAsFileTime		Status SUCCESS
1602142839.16		SetUnhandledExceptionFilter		Status FAILURE
1602142839.16		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142839.16	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142839.16		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142839.16		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142839.16		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142839.16		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3784 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007a0000"	Status SUCCESS
1602142839.16	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142839.16		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3244 860

cmd.exe 2392 3128

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142839.25	GetSystemTimeAsFileTime		Status SUCCESS
1602142839.25	SetUnhandledExceptionFilter		Status FAILURE
1602142839.25	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142839.25	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142839.25	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142839.25	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142839.25	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142839.25	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142839.25	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142839.25	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

reg.exe 2112 3128

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142839.33		GetSystemTimeAsFileTime		Status SUCCESS
1602142839.33		SetUnhandledExceptionFilter		Status FAILURE
1602142839.33		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142839.33	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142839.33		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142839.33		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142839.33		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142839.33		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2112 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142839.33	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142839.33		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 4084 2392

cmd.exe 3508 3244

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142839.73	GetSystemTimeAsFileTime		Status SUCCESS
1602142839.73	SetUnhandledExceptionFilter		Status FAILURE
1602142839.73	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142839.73	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142839.73	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142839.73	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142839.75	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142839.75	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142839.75	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142839.75	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3160 3244

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142839.86		GetSystemTimeAsFileTime		Status SUCCESS
1602142839.86		SetUnhandledExceptionFilter		Status FAILURE
1602142839.86		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142839.86	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142839.86		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142839.86		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142839.86		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142839.86		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3160 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142839.86	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142839.86		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3532 3244

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142839.95		GetSystemTimeAsFileTime		Status SUCCESS
1602142839.95		SetUnhandledExceptionFilter		Status FAILURE
1602142839.95		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142839.95	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142839.95		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142839.95		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142839.95		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142839.95		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3532 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008f0000"	Status SUCCESS
1602142839.95	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142839.95		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3496 3508

reg.exe 1112 3244

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142840.0		GetSystemTimeAsFileTime		Status SUCCESS
1602142840.0		SetUnhandledExceptionFilter		Status FAILURE
1602142840.0		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142840.0	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142840.0		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142840.0		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142840.0		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142840.0		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1112 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142840.0	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142840.0		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 1352 3244

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142840.05	GetSystemTimeAsFileTime		Status SUCCESS
1602142840.05	SetUnhandledExceptionFilter		Status FAILURE
1602142840.05	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142840.05	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142840.06	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142840.06	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142840.06	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142840.06	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142840.06	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142840.06	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 504 1352

cmd.exe 3520 3496

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142840.5	GetSystemTimeAsFileTime		Status SUCCESS
1602142840.5	SetUnhandledExceptionFilter		Status FAILURE
1602142840.5	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142840.5	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142840.5	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142840.5	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142840.5	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142840.5	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142840.5	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142840.5	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 3316 3496

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142840.62		GetSystemTimeAsFileTime		Status SUCCESS
1602142840.62		SetUnhandledExceptionFilter		Status FAILURE
1602142840.62		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142840.62	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142840.62		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142840.62		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142840.62		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142840.64		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3316 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00800000"	Status SUCCESS
1602142840.64	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142840.64		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3276 3520

reg.exe 3264 3496

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142840.7		GetSystemTimeAsFileTime		Status SUCCESS
1602142840.7		SetUnhandledExceptionFilter		Status FAILURE
1602142840.7		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142840.7	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142840.7		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142840.7		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142840.7		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142840.7		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3264 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142840.7	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142840.7		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2276 3496

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142840.73		GetSystemTimeAsFileTime		Status SUCCESS
1602142840.73		SetUnhandledExceptionFilter		Status FAILURE
1602142840.73		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142840.73	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142840.73		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142840.73		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142840.73		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142840.73		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2276 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00850000"	Status SUCCESS
1602142840.73	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142840.73		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3648 3496

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142840.81	GetSystemTimeAsFileTime		Status SUCCESS
1602142840.81	SetUnhandledExceptionFilter		Status FAILURE
1602142840.83	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142840.83	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142840.83	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142840.83	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142840.83	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142840.83	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142840.83	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142840.83	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 2396 3648

cmd.exe 3460 3276

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142841.28	GetSystemTimeAsFileTime		Status SUCCESS
1602142841.28	SetUnhandledExceptionFilter		Status FAILURE
1602142841.28	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142841.28	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142841.29	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142841.29	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142841.29	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142841.29	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142841.29	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142841.29	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 2228 3276

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142841.4		GetSystemTimeAsFileTime		Status SUCCESS
1602142841.4		SetUnhandledExceptionFilter		Status FAILURE
1602142841.4		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142841.4	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142841.4		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142841.4		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142841.4		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142841.4		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2228 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00830000"	Status SUCCESS
1602142841.4	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142841.4		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3876 3276

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142841.47		GetSystemTimeAsFileTime		Status SUCCESS
1602142841.47		SetUnhandledExceptionFilter		Status FAILURE
1602142841.47		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142841.47	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142841.47		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142841.47		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142841.47		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142841.47		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3876 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142841.47	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142841.47		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 1676 3460

cmd.exe 2224 3276

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142841.56	GetSystemTimeAsFileTime		Status SUCCESS
1602142841.56	SetUnhandledExceptionFilter		Status FAILURE
1602142841.56	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142841.56	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142841.56	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142841.56	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142841.56	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142841.56	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142841.56	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142841.56	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

reg.exe 2220 3276

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142841.62		GetSystemTimeAsFileTime		Status SUCCESS
1602142841.62		SetUnhandledExceptionFilter		Status FAILURE
1602142841.62		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142841.62	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142841.64		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142841.64		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142841.64		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142841.64		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2220 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007b0000"	Status SUCCESS
1602142841.64	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142841.64		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 3668 2224

cmd.exe 2256 1676

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142842.06	GetSystemTimeAsFileTime		Status SUCCESS
1602142842.06	SetUnhandledExceptionFilter		Status FAILURE
1602142842.06	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142842.06	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142842.06	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142842.06	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142842.06	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142842.06	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142842.06	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142842.06	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2260 2256

reg.exe 3464 1676

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142842.32		GetSystemTimeAsFileTime		Status SUCCESS
1602142842.32		SetUnhandledExceptionFilter		Status FAILURE
1602142842.32		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142842.32	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142842.32		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142842.32		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142842.32		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142842.32		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3464 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008b0000"	Status SUCCESS
1602142842.32	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142842.32		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 1484 1676

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142842.39		GetSystemTimeAsFileTime		Status SUCCESS
1602142842.39		SetUnhandledExceptionFilter		Status FAILURE
1602142842.39		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142842.39	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142842.39		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142842.39		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142842.39		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142842.39		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1484 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142842.39	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142842.39		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3192 1676

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142842.46		GetSystemTimeAsFileTime		Status SUCCESS
1602142842.46		SetUnhandledExceptionFilter		Status FAILURE
1602142842.46		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142842.46	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142842.46		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142842.46		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142842.46		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142842.46		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3192 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142842.46	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142842.46		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3096 1676

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142842.42	GetSystemTimeAsFileTime		Status SUCCESS
1602142842.42	SetUnhandledExceptionFilter		Status FAILURE
1602142842.42	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142842.42	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142842.42	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142842.42	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142842.42	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142842.42	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142842.42	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142842.42	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 4192 3096

cmd.exe 4240 2260

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142842.84	GetSystemTimeAsFileTime		Status SUCCESS
1602142842.84	SetUnhandledExceptionFilter		Status FAILURE
1602142842.84	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142842.84	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142842.84	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142842.84	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142842.84	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142842.84	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142842.84	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142842.84	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4308 2260

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142843.01		GetSystemTimeAsFileTime		Status SUCCESS
1602142843.01		SetUnhandledExceptionFilter		Status FAILURE
1602142843.01		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142843.01	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142843.01		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142843.01		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142843.01		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142843.01		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4308 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142843.01	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142843.01		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4380 4240

reg.exe 4440 2260

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142843.12		GetSystemTimeAsFileTime		Status SUCCESS
1602142843.12		SetUnhandledExceptionFilter		Status FAILURE
1602142843.12		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142843.12	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142843.12		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142843.12		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142843.12		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142843.12		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4440 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142843.12	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142843.12		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4496 2260

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142843.2	GetSystemTimeAsFileTime		Status SUCCESS
1602142843.2	SetUnhandledExceptionFilter		Status FAILURE
1602142843.2	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142843.2	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142843.2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142843.2	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142843.2	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142843.2	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142843.2	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142843.2	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

reg.exe 4348 2260

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142843.17		GetSystemTimeAsFileTime		Status SUCCESS
1602142843.17		SetUnhandledExceptionFilter		Status FAILURE
1602142843.17		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142843.17	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142843.17		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142843.17		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142843.17		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142843.17		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4348 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00880000"	Status SUCCESS
1602142843.17	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142843.17		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 4592 4496

cmd.exe 4640 4380

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142843.48	GetSystemTimeAsFileTime		Status SUCCESS
1602142843.48	SetUnhandledExceptionFilter		Status FAILURE
1602142843.48	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142843.48	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142843.48	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142843.48	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142843.48	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142843.48	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142843.48	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142843.48	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4700 4380

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142843.81		GetSystemTimeAsFileTime		Status SUCCESS
1602142843.81		SetUnhandledExceptionFilter		Status FAILURE
1602142843.81		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142843.81	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142843.81		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142843.81		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142843.81		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142843.81		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4700 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00810000"	Status SUCCESS
1602142843.81	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142843.81		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4752 4640

reg.exe 4788 4380

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142843.77		GetSystemTimeAsFileTime		Status SUCCESS
1602142843.77		SetUnhandledExceptionFilter		Status FAILURE
1602142843.77		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142843.77	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142843.77		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142843.77		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142843.77		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142843.77		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4788 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00870000"	Status SUCCESS
1602142843.77	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142843.79		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4848 4380

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142843.88		GetSystemTimeAsFileTime		Status SUCCESS
1602142843.88		SetUnhandledExceptionFilter		Status FAILURE
1602142843.88		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142843.88	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142843.88		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142843.88		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142843.88		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142843.88		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4848 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142843.88	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142843.88		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4904 4380

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142843.91	GetSystemTimeAsFileTime		Status SUCCESS
1602142843.91	SetUnhandledExceptionFilter		Status FAILURE
1602142843.91	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142843.91	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142843.91	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142843.91	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142843.91	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142843.91	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142843.91	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142843.91	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 5000 4904

cmd.exe 5020 4752

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142844.27	GetSystemTimeAsFileTime		Status SUCCESS
1602142844.27	SetUnhandledExceptionFilter		Status FAILURE
1602142844.27	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142844.27	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142844.27	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142844.27	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142844.27	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142844.27	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142844.27	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142844.27	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 5092 4752

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142844.46		GetSystemTimeAsFileTime		Status SUCCESS
1602142844.46		SetUnhandledExceptionFilter		Status FAILURE
1602142844.46		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142844.46	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142844.46		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142844.46		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142844.46		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142844.46		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5092 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142844.46	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142844.46		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 3756 5020

reg.exe 4104 4752

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142845.05		GetSystemTimeAsFileTime		Status SUCCESS
1602142845.05		SetUnhandledExceptionFilter		Status FAILURE
1602142845.05		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142845.05	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142845.05		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142845.05		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142845.05		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142845.05		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4104 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00830000"	Status SUCCESS
1602142845.05	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142845.05		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2188 4752

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142845.29		GetSystemTimeAsFileTime		Status SUCCESS
1602142845.29		SetUnhandledExceptionFilter		Status FAILURE
1602142845.29		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142845.29	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142845.29		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142845.29		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142845.29		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142845.29		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2188 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00840000"	Status SUCCESS
1602142845.29	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142845.29		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4100 4752

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142845.46	GetSystemTimeAsFileTime		Status SUCCESS
1602142845.46	SetUnhandledExceptionFilter		Status FAILURE
1602142845.46	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142845.46	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142845.46	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142845.46	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142845.46	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142845.46	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142845.46	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142845.46	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

DUckIoEY.exe 4268 2636

cmd.exe 4392 3756

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142845.52	GetSystemTimeAsFileTime		Status SUCCESS
1602142845.52	SetUnhandledExceptionFilter		Status FAILURE
1602142845.52	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142845.52	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142845.52	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142845.52	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142845.52	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142845.52	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142845.52	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142845.52	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4472 3756

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142845.74		GetSystemTimeAsFileTime		Status SUCCESS
1602142845.74		SetUnhandledExceptionFilter		Status FAILURE
1602142845.74		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142845.74	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142845.76		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142845.76		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142845.76		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142845.76		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4472 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00810000"	Status SUCCESS
1602142845.77	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142845.77		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cscript.exe 4444 4100

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4352 4392

reg.exe 4560 3756

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142846.11		GetSystemTimeAsFileTime		Status SUCCESS
1602142846.11		SetUnhandledExceptionFilter		Status FAILURE
1602142846.11		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142846.11	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142846.13		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142846.13		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142846.13		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142846.13		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4560 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142846.13	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142846.15		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4708 3756

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142846.08		GetSystemTimeAsFileTime		Status SUCCESS
1602142846.08		SetUnhandledExceptionFilter		Status FAILURE
1602142846.08		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142846.08	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142846.08		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142846.08		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142846.08		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142846.08		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4708 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00910000"	Status SUCCESS
1602142846.08	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142846.08		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4732 3756

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142846.24	GetSystemTimeAsFileTime		Status SUCCESS
1602142846.24	SetUnhandledExceptionFilter		Status FAILURE
1602142846.24	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142846.24	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142846.24	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142846.24	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142846.25	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142846.25	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142846.25	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142846.25	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 4952 4732

cmd.exe 4892 4352

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142846.61	GetSystemTimeAsFileTime		Status SUCCESS
1602142846.63	SetUnhandledExceptionFilter		Status FAILURE
1602142846.63	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142846.63	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142846.63	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142846.63	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142846.63	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142846.63	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142846.63	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142846.63	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4924 4352

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142846.88		GetSystemTimeAsFileTime		Status SUCCESS
1602142846.88		SetUnhandledExceptionFilter		Status FAILURE
1602142846.88		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142846.88	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142846.88		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142846.88		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142846.88		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142846.88		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4924 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142846.88	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142846.88		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 5064 4352

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142848.75		GetSystemTimeAsFileTime		Status SUCCESS
1602142848.75		SetUnhandledExceptionFilter		Status FAILURE
1602142848.75		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142848.75	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142848.75		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142848.75		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142848.75		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142848.75		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5064 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142848.75	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142848.75		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 1820 4892

reg.exe 3900 4352

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142849.12		GetSystemTimeAsFileTime		Status SUCCESS
1602142849.12		SetUnhandledExceptionFilter		Status FAILURE
1602142849.12		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142849.12	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142849.12		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142849.12		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142849.12		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142849.12		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3900 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008f0000"	Status SUCCESS
1602142849.12	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142849.14		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4216 4352

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142849.19	GetSystemTimeAsFileTime		Status SUCCESS
1602142849.19	SetUnhandledExceptionFilter		Status FAILURE
1602142849.19	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142849.19	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142849.19	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142849.19	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142849.19	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142849.19	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142849.19	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142849.19	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 323 entries

cscript.exe 4356 4216

cmd.exe 4504 1820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142849.64	GetSystemTimeAsFileTime		Status SUCCESS
1602142849.64	SetUnhandledExceptionFilter		Status FAILURE
1602142849.64	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142849.64	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142849.64	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142849.64	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142849.64	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142849.64	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142849.64	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142849.64	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4604 1820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142849.97		GetSystemTimeAsFileTime		Status SUCCESS
1602142849.97		SetUnhandledExceptionFilter		Status FAILURE
1602142849.97		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142849.97	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142849.97		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142849.97		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142849.97		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142849.97		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4604 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00800000"	Status SUCCESS
1602142849.97	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142849.97		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4796 4504

reg.exe 4648 1820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142850.14		GetSystemTimeAsFileTime		Status SUCCESS
1602142850.14		SetUnhandledExceptionFilter		Status FAILURE
1602142850.14		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142850.14	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142850.14		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142850.14		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142850.14		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142850.14		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4648 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008d0000"	Status SUCCESS
1602142850.14	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142850.14		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4500 1820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142850.31		GetSystemTimeAsFileTime		Status SUCCESS
1602142850.31		SetUnhandledExceptionFilter		Status FAILURE
1602142850.31		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142850.31	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142850.31		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142850.31		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142850.31		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142850.31		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4500 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007d0000"	Status SUCCESS
1602142850.31	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142850.31		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4916 1820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142852.29	GetSystemTimeAsFileTime		Status SUCCESS
1602142852.29	SetUnhandledExceptionFilter		Status FAILURE
1602142852.29	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142852.29	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142852.29	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142852.29	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142852.29	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142852.29	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142852.29	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142852.29	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 328 entries

cmd.exe 4244 4796

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142854.05	GetSystemTimeAsFileTime		Status SUCCESS
1602142854.05	SetUnhandledExceptionFilter		Status FAILURE
1602142854.05	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142854.05	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142854.05	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142854.05	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142854.05	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142854.05	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142854.05	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142854.05	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cscript.exe 5032 4916

reg.exe 5080 4796

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142854.24		GetSystemTimeAsFileTime		Status SUCCESS
1602142854.24		SetUnhandledExceptionFilter		Status FAILURE
1602142854.24		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142854.24	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142854.24		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142854.26		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142854.26		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142854.26		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5080 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008e0000"	Status SUCCESS
1602142854.26	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142854.26		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4696 4244

reg.exe 3324 4796

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142854.58		GetSystemTimeAsFileTime		Status SUCCESS
1602142854.58		SetUnhandledExceptionFilter		Status FAILURE
1602142854.58		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142854.58	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142854.58		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142854.58		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142854.58		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142854.58		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3324 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00800000"	Status SUCCESS
1602142854.58	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142854.58		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4208 4796

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142855.12		GetSystemTimeAsFileTime		Status SUCCESS
1602142855.12		SetUnhandledExceptionFilter		Status FAILURE
1602142855.12		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142855.12	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142855.12		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142855.12		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142855.12		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142855.12		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4208 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00990000"	Status SUCCESS
1602142855.12	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142855.12		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4528 4796

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142855.32	GetSystemTimeAsFileTime		Status SUCCESS
1602142855.32	SetUnhandledExceptionFilter		Status FAILURE
1602142855.32	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142855.32	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142855.32	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142855.32	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142855.32	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142855.32	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142855.32	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142855.32	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 4260 4528

cmd.exe 4424 4696

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142859.11	GetSystemTimeAsFileTime		Status SUCCESS
1602142859.11	SetUnhandledExceptionFilter		Status FAILURE
1602142859.11	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142859.11	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142859.11	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142859.14	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142859.34	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142859.34	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142859.34	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142859.34	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4660 4696

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142859.67		GetSystemTimeAsFileTime		Status SUCCESS
1602142859.67		SetUnhandledExceptionFilter		Status FAILURE
1602142859.67		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142859.67	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142859.67		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142859.67		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142859.67		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142859.67		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4660 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007e0000"	Status SUCCESS
1602142859.67	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142859.67		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 5084 4424

reg.exe 4748 4696

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142859.8		GetSystemTimeAsFileTime		Status SUCCESS
1602142859.8		SetUnhandledExceptionFilter		Status FAILURE
1602142859.8		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142859.8	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142859.8		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142859.8		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142859.8		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142859.8		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4748 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00880000"	Status SUCCESS
1602142859.8	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142859.8		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4652 4696

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142859.87		GetSystemTimeAsFileTime		Status SUCCESS
1602142859.87		SetUnhandledExceptionFilter		Status FAILURE
1602142859.87		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142859.87	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142859.87		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142859.87		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142859.87		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142859.87		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4652 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00830000"	Status SUCCESS
1602142859.87	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142859.87		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 5108 4696

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142859.98	GetSystemTimeAsFileTime		Status SUCCESS
1602142859.98	SetUnhandledExceptionFilter		Status FAILURE
1602142859.98	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142859.98	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142859.98	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142859.98	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142859.98	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142859.98	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142859.98	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142859.98	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 4168 5108

cmd.exe 4252 5084

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142860.34	GetSystemTimeAsFileTime		Status SUCCESS
1602142860.36	SetUnhandledExceptionFilter		Status FAILURE
1602142860.36	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142860.36	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142860.36	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142860.36	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142860.36	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142860.36	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142860.36	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142860.36	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4820 4252

reg.exe 4780 5084

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142860.73		GetSystemTimeAsFileTime		Status SUCCESS
1602142860.73		SetUnhandledExceptionFilter		Status FAILURE
1602142860.73		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142860.73	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142860.73		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142860.73		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142860.73		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142860.73		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4780 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00830000"	Status SUCCESS
1602142860.73	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142860.73		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4396 5084

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142860.81		GetSystemTimeAsFileTime		Status SUCCESS
1602142860.81		SetUnhandledExceptionFilter		Status FAILURE
1602142860.81		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142860.81	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142860.81		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142860.81		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142860.81		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142860.81		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4396 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00840000"	Status SUCCESS
1602142860.81	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142860.81		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4772 5084

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142861.14		GetSystemTimeAsFileTime		Status SUCCESS
1602142861.14		SetUnhandledExceptionFilter		Status FAILURE
1602142861.14		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142861.15	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142861.15		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142861.15		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142861.15		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142861.15		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4772 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142861.15	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142861.15		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4672 5084

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142861.2	GetSystemTimeAsFileTime		Status SUCCESS
1602142861.2	SetUnhandledExceptionFilter		Status FAILURE
1602142861.2	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142861.2	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142861.2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142861.2	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142861.2	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142861.2	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142861.2	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142861.2	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cmd.exe 5096 4820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142861.26	GetSystemTimeAsFileTime		Status SUCCESS
1602142861.28	SetUnhandledExceptionFilter		Status FAILURE
1602142861.28	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142861.28	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142861.28	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142861.28	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142861.28	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142861.28	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142861.28	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142861.28	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

cscript.exe 4896 4672

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4136 5096

reg.exe 4556 4820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142861.85		GetSystemTimeAsFileTime		Status SUCCESS
1602142861.85		SetUnhandledExceptionFilter		Status FAILURE
1602142861.85		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142861.85	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142861.85		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142861.85		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142861.85		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142861.85		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4556 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142861.85	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142861.85		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 756 4820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142861.56		GetSystemTimeAsFileTime		Status SUCCESS
1602142861.56		SetUnhandledExceptionFilter		Status FAILURE
1602142861.56		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142861.56	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142861.56		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142861.56		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142861.56		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142861.56		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 756 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142861.56	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142861.56		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4988 4820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142861.73		GetSystemTimeAsFileTime		Status SUCCESS
1602142861.73		SetUnhandledExceptionFilter		Status FAILURE
1602142861.73		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142861.73	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142861.73		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142861.73		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142861.73		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142861.73		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4988 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142861.73	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142861.73		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3672 4820

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142861.95	GetSystemTimeAsFileTime		Status SUCCESS
1602142861.95	SetUnhandledExceptionFilter		Status FAILURE
1602142861.95	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142861.95	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142861.95	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142861.95	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142861.95	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142861.95	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142861.95	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142861.95	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 4956 3672

cmd.exe 5016 4136

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142862.34	GetSystemTimeAsFileTime		Status SUCCESS
1602142862.34	SetUnhandledExceptionFilter		Status FAILURE
1602142862.34	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142862.34	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142862.34	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142862.34	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142862.34	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142862.34	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142862.34	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142862.34	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 2464 5016

reg.exe 5052 4136

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142862.73		GetSystemTimeAsFileTime		Status SUCCESS
1602142862.73		SetUnhandledExceptionFilter		Status FAILURE
1602142862.73		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142862.73	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142862.73		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142862.73		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142862.73		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142862.73		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5052 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142862.73	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142862.73		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4328 4136

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142862.79		GetSystemTimeAsFileTime		Status SUCCESS
1602142862.79		SetUnhandledExceptionFilter		Status FAILURE
1602142862.79		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142862.79	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142862.79		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142862.79		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142862.79		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142862.79		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4328 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142862.79	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142862.79		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 5036 4136

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142862.96		GetSystemTimeAsFileTime		Status SUCCESS
1602142862.96		SetUnhandledExceptionFilter		Status FAILURE
1602142862.96		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142862.96	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142862.96		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142862.96		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142862.96		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142862.96		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5036 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007c0000"	Status SUCCESS
1602142862.96	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142862.96		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 2668 4136

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142862.87	GetSystemTimeAsFileTime		Status SUCCESS
1602142862.87	SetUnhandledExceptionFilter		Status FAILURE
1602142862.87	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142862.87	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142862.87	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142862.87	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142862.87	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142862.87	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142862.87	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142862.87	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 323 entries

cscript.exe 4128 2668

cmd.exe 4664 2464

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142863.37	GetSystemTimeAsFileTime		Status SUCCESS
1602142863.37	SetUnhandledExceptionFilter		Status FAILURE
1602142863.37	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142863.37	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142863.37	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142863.37	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142863.37	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142863.37	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142863.37	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142863.37	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4408 2464

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142863.54		GetSystemTimeAsFileTime		Status SUCCESS
1602142863.54		SetUnhandledExceptionFilter		Status FAILURE
1602142863.54		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142863.54	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142863.54		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142863.54		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142863.54		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142863.54		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4408 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007b0000"	Status SUCCESS
1602142863.54	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142863.54		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4148 2464

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142863.63		GetSystemTimeAsFileTime		Status SUCCESS
1602142863.63		SetUnhandledExceptionFilter		Status FAILURE
1602142863.63		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142863.63	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142863.63		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142863.65		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142863.65		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142863.65		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4148 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007d0000"	Status SUCCESS
1602142863.65	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142863.65		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4644 2464

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142863.66		GetSystemTimeAsFileTime		Status SUCCESS
1602142863.66		SetUnhandledExceptionFilter		Status FAILURE
1602142863.66		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142863.66	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142863.66		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142863.66		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142863.66		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142863.66		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4644 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142863.66	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142863.66		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 3404 2464

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142863.7	GetSystemTimeAsFileTime		Status SUCCESS
1602142863.7	SetUnhandledExceptionFilter		Status FAILURE
1602142863.7	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142863.7	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142863.7	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142863.7	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142863.7	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142863.7	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142863.7	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142863.7	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4404 4664

cscript.exe 4968 3404

cmd.exe 4856 4404

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142864.3	GetSystemTimeAsFileTime		Status SUCCESS
1602142864.3	SetUnhandledExceptionFilter		Status FAILURE
1602142864.3	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142864.3	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142864.3	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142864.3	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142864.3	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142864.3	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142864.3	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142864.3	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4684 4404

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142864.41		GetSystemTimeAsFileTime		Status SUCCESS
1602142864.41		SetUnhandledExceptionFilter		Status FAILURE
1602142864.41		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142864.41	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142864.41		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142864.41		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142864.41		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142864.41		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4684 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142864.41	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142864.41		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4768 4404

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142864.51		GetSystemTimeAsFileTime		Status SUCCESS
1602142864.51		SetUnhandledExceptionFilter		Status FAILURE
1602142864.52		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142864.52	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142864.52		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142864.52		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142864.52		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142864.52		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4768 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142864.52	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142864.52		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 5116 4856

reg.exe 4344 4404

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142864.6		GetSystemTimeAsFileTime		Status SUCCESS
1602142864.6		SetUnhandledExceptionFilter		Status FAILURE
1602142864.6		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142864.6	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142864.6		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142864.6		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142864.6		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142864.6		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4344 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142864.6	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142864.6		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4452 4404

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142864.62	GetSystemTimeAsFileTime		Status SUCCESS
1602142864.62	SetUnhandledExceptionFilter		Status FAILURE
1602142864.62	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142864.62	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142864.62	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142864.62	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142864.62	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142864.62	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142864.62	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142864.62	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 4928 4452

cmd.exe 4212 5116

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142865.18	GetSystemTimeAsFileTime		Status SUCCESS
1602142865.18	SetUnhandledExceptionFilter		Status FAILURE
1602142865.18	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142865.18	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142865.18	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142865.18	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142865.18	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142865.18	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142865.18	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142865.18	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 1528 5116

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142865.46		GetSystemTimeAsFileTime		Status SUCCESS
1602142865.46		SetUnhandledExceptionFilter		Status FAILURE
1602142865.46		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142865.46	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142865.46		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142865.46		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142865.46		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142865.46		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1528 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142865.46	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142865.46		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 5068 5116

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142865.63		GetSystemTimeAsFileTime		Status SUCCESS
1602142865.63		SetUnhandledExceptionFilter		Status FAILURE
1602142865.63		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142865.63	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142865.63		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142865.63		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142865.63		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142865.63		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5068 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00840000"	Status SUCCESS
1602142865.63	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142865.63		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4992 4212

reg.exe 4544 5116

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142865.74		GetSystemTimeAsFileTime		Status SUCCESS
1602142865.74		SetUnhandledExceptionFilter		Status FAILURE
1602142865.74		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142865.74	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142865.74		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142865.74		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142865.74		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142865.74		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4544 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00930000"	Status SUCCESS
1602142865.74	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142865.74		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4152 5116

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142865.75	GetSystemTimeAsFileTime		Status SUCCESS
1602142865.75	SetUnhandledExceptionFilter		Status FAILURE
1602142865.75	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142865.75	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142865.75	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142865.75	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142865.75	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142865.75	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142865.75	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142865.75	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 5012 4152

cmd.exe 5076 4992

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142865.99	GetSystemTimeAsFileTime		Status SUCCESS
1602142865.99	SetUnhandledExceptionFilter		Status FAILURE
1602142865.99	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142865.99	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142865.99	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142865.99	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142865.99	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142865.99	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142865.99	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142865.99	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 1976 4992

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142866.24		GetSystemTimeAsFileTime		Status SUCCESS
1602142866.24		SetUnhandledExceptionFilter		Status FAILURE
1602142866.24		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142866.24	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142866.24		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142866.24		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142866.24		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142866.24		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1976 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00830000"	Status SUCCESS
1602142866.25	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142866.25		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 3660 4992

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142866.3		GetSystemTimeAsFileTime		Status SUCCESS
1602142866.3		SetUnhandledExceptionFilter		Status FAILURE
1602142866.3		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142866.3	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142866.3		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142866.3		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142866.3		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142866.3		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 3660 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142866.3	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142866.3		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4580 5076

reg.exe 1928 4992

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142866.47		GetSystemTimeAsFileTime		Status SUCCESS
1602142866.47		SetUnhandledExceptionFilter		Status FAILURE
1602142866.47		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142866.47	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142866.47		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142866.47		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142866.47		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142866.47		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 1928 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00830000"	Status SUCCESS
1602142866.47	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142866.47		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 4716 4992

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142866.43	GetSystemTimeAsFileTime		Status SUCCESS
1602142866.43	SetUnhandledExceptionFilter		Status FAILURE
1602142866.43	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142866.43	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142866.43	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142866.44	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142866.44	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142866.44	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142866.44	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142866.44	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 4936 4716

cmd.exe 4164 4580

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142866.96	GetSystemTimeAsFileTime		Status SUCCESS
1602142866.96	SetUnhandledExceptionFilter		Status FAILURE
1602142866.96	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142866.96	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142866.96	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142866.96	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142866.96	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142866.96	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142866.96	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142866.96	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4480 4580

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142867.08		GetSystemTimeAsFileTime		Status SUCCESS
1602142867.08		SetUnhandledExceptionFilter		Status FAILURE
1602142867.08		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142867.08	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142867.08		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142867.08		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142867.08		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142867.08		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4480 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142867.08	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142867.08		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 2196 4580

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142867.17		GetSystemTimeAsFileTime		Status SUCCESS
1602142867.17		SetUnhandledExceptionFilter		Status FAILURE
1602142867.17		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142867.17	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142867.17		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142867.17		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142867.17		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142867.17		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 2196 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007a0000"	Status SUCCESS
1602142867.17	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142867.17		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4108 4580

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142867.69		GetSystemTimeAsFileTime		Status SUCCESS
1602142867.69		SetUnhandledExceptionFilter		Status FAILURE
1602142867.69		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142867.69	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142867.69		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142867.69		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142867.69		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142867.69		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4108 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00890000"	Status SUCCESS
1602142867.69	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142867.69		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 4812 4164

cmd.exe 4456 4580

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142867.77	GetSystemTimeAsFileTime		Status SUCCESS
1602142867.77	SetUnhandledExceptionFilter		Status FAILURE
1602142867.77	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142867.77	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142867.77	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142867.77	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142867.77	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142867.77	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142867.77	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142867.77	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 4200 4456

cmd.exe 4864 4812

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142868.02	GetSystemTimeAsFileTime		Status SUCCESS
1602142868.03	SetUnhandledExceptionFilter		Status FAILURE
1602142868.03	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142868.03	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142868.03	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142868.03	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142868.03	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142868.03	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142868.03	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142868.03	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 4288 4812

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142868.17		GetSystemTimeAsFileTime		Status SUCCESS
1602142868.17		SetUnhandledExceptionFilter		Status FAILURE
1602142868.17		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142868.17	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142868.17		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142868.17		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142868.17		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142868.19		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4288 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x008c0000"	Status SUCCESS
1602142868.19	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142868.19		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 5152 4864

reg.exe 4264 4812

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142868.34		GetSystemTimeAsFileTime		Status SUCCESS
1602142868.34		SetUnhandledExceptionFilter		Status FAILURE
1602142868.34		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142868.34	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142868.34		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142868.34		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142868.34		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142868.34		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4264 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142868.34	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142868.34		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 4720 4812

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142868.38		GetSystemTimeAsFileTime		Status SUCCESS
1602142868.38		SetUnhandledExceptionFilter		Status FAILURE
1602142868.38		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142868.38	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142868.38		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142868.38		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142868.38		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142868.38		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4720 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00890000"	Status SUCCESS
1602142868.38	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142868.38		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 5228 4812

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142868.39	GetSystemTimeAsFileTime		Status SUCCESS
1602142868.39	SetUnhandledExceptionFilter		Status FAILURE
1602142868.39	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142868.39	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142868.39	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142868.39	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142868.39	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142868.39	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142868.39	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142868.39	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 5324 5228

cmd.exe 5388 5152

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142869.39	GetSystemTimeAsFileTime		Status SUCCESS
1602142869.39	SetUnhandledExceptionFilter		Status FAILURE
1602142869.39	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142869.39	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142869.39	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142869.39	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142869.39	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142869.39	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142869.39	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142869.39	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 5440 5152

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142869.61		GetSystemTimeAsFileTime		Status SUCCESS
1602142869.61		SetUnhandledExceptionFilter		Status FAILURE
1602142869.61		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142869.61	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142869.61		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142869.61		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142869.61		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142869.61		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5440 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142869.61	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142869.61		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 5480 5152

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142869.64		GetSystemTimeAsFileTime		Status SUCCESS
1602142869.64		SetUnhandledExceptionFilter		Status FAILURE
1602142869.65		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142869.65	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142869.65		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142869.65		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142869.65		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142869.65		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5480 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00970000"	Status SUCCESS
1602142869.65	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142869.65		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 5572 5152

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142869.69		GetSystemTimeAsFileTime		Status SUCCESS
1602142869.69		SetUnhandledExceptionFilter		Status FAILURE
1602142869.69		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142869.69	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142869.69		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142869.69		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142869.69		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142869.69		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5572 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142869.69	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142869.69		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 5628 5152

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142869.7	GetSystemTimeAsFileTime		Status SUCCESS
1602142869.7	SetUnhandledExceptionFilter		Status FAILURE
1602142869.7	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142869.7	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142869.7	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142869.7	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142869.7	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142869.7	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142869.7	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142869.7	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 5508 5388

cscript.exe 5720 5628

cmd.exe 5788 5508

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142870.29	GetSystemTimeAsFileTime		Status SUCCESS
1602142870.29	SetUnhandledExceptionFilter		Status FAILURE
1602142870.29	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142870.29	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142870.29	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142870.29	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142870.29	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142870.29	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142870.29	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142870.29	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 5840 5508

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142870.81		GetSystemTimeAsFileTime		Status SUCCESS
1602142870.81		SetUnhandledExceptionFilter		Status FAILURE
1602142870.81		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142870.81	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142870.81		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142870.81		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142870.81		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142870.81		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5840 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00820000"	Status SUCCESS
1602142870.81	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142870.81		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 5924 5788

reg.exe 5880 5508

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142871.03		GetSystemTimeAsFileTime		Status SUCCESS
1602142871.03		SetUnhandledExceptionFilter		Status FAILURE
1602142871.03		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142871.03	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142871.03		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142871.03		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142871.03		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142871.03		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5880 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00870000"	Status SUCCESS
1602142871.03	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142871.03		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 5968 5508

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142871.11		GetSystemTimeAsFileTime		Status SUCCESS
1602142871.11		SetUnhandledExceptionFilter		Status FAILURE
1602142871.11		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142871.11	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142871.11		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142871.11		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142871.11		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142871.11		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5968 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007a0000"	Status SUCCESS
1602142871.11	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142871.11		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 6040 5508

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142871.18	GetSystemTimeAsFileTime		Status SUCCESS
1602142871.18	SetUnhandledExceptionFilter		Status FAILURE
1602142871.18	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142871.18	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142871.18	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142871.18	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142871.18	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142871.18	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142871.18	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142871.18	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

cscript.exe 6124 6040

cmd.exe 5128 5924

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142872.76	GetSystemTimeAsFileTime		Status SUCCESS
1602142872.76	SetUnhandledExceptionFilter		Status FAILURE
1602142872.76	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142872.76	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142872.76	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142872.76	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142872.76	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142872.76	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142872.76	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142872.76	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 74 entries

reg.exe 5192 5924

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142874.05		GetSystemTimeAsFileTime		Status SUCCESS
1602142874.05		SetUnhandledExceptionFilter		Status FAILURE
1602142874.05		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142874.05	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142874.05		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142874.05		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142874.05		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142874.05		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5192 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007e0000"	Status SUCCESS
1602142874.05	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142874.05		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 5136 5128

reg.exe 4112 5924

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142875.82		GetSystemTimeAsFileTime		Status SUCCESS
1602142875.82		SetUnhandledExceptionFilter		Status FAILURE
1602142875.82		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142875.82	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142875.82		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142875.82		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142875.82		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142875.82		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 4112 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00850000"	Status SUCCESS
1602142875.82	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142875.82		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 5308 5924

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142877.14		GetSystemTimeAsFileTime		Status SUCCESS
1602142877.14		SetUnhandledExceptionFilter		Status FAILURE
1602142877.14		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142877.14	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142877.14		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142877.14		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142877.14		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142877.14		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5308 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00790000"	Status SUCCESS
1602142877.16	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142877.16		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

cmd.exe 5408 5136

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142877.47	GetSystemTimeAsFileTime		Status SUCCESS
1602142877.47	SetUnhandledExceptionFilter		Status FAILURE
1602142877.47	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142877.49	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142877.49	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142877.49	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142877.49	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142877.49	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142877.49	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142877.49	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 65 entries

Previous1 2 3 4 5 6 7Next

cmd.exe 5452 5924

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	API	Arguments	Result
1602142877.86	GetSystemTimeAsFileTime		Status SUCCESS
1602142877.88	SetUnhandledExceptionFilter		Status FAILURE
1602142877.88	NtOpenThread	access: "0x001fffff" thread_name: "" thread_handle: "0x0000006c" process_identifier: 0	Status SUCCESS
1602142877.88	LdrGetDllHandle	module_name: "KERNEL32.DLL" stack_pivoted: 0 module_address: "0x7dd60000"	Status SUCCESS
1602142877.88	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd8a84f" module_address: "0x7dd60000" module: "kernel32" function_name: "SetThreadUILanguage"	Status SUCCESS
1602142877.88	RegOpenKeyExW	access: "0x00020019" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" regkey_r: "Software\Policies\Microsoft\Windows\System" options: 0	Return Value 2 Status FAILURE
1602142877.88	RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000002" key_handle: "0x00000074" regkey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor" regkey_r: "Software\Microsoft\Command Processor" options: 0	Status SUCCESS
1602142877.88	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DisableUNCCheck" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck"	Return Value 2 Status FAILURE
1602142877.88	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "EnableExtensions" reg_type: 4 value: 1 regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions"	Status SUCCESS
1602142877.88	RegQueryValueExW	key_handle: "0x00000074" regkey_r: "DelayedExpansion" reg_type: 0 value: "" regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion"	Return Value 2 Status FAILURE

Showing 1 to 10 of 327 entries

d79e4c4ceb3abc8a51a01eff14a51694d7c25f9306ee71a922a01fddb48a15fe.exe 5668 5408

cscript.exe 5664 5452

reg.exe 5596 5136

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142882.52		GetSystemTimeAsFileTime		Status SUCCESS
1602142882.52		SetUnhandledExceptionFilter		Status FAILURE
1602142882.52		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142882.52	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142882.52		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142882.56		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142882.56		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142882.56		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5596 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x00910000"	Status SUCCESS
1602142882.57	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142882.57		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries

reg.exe 5732 5136

Filter:

Registry File Process Services Network Synchronization

Show entries

Search:

Time	Repeat	API	Arguments	Result
1602142882.98		GetSystemTimeAsFileTime		Status SUCCESS
1602142882.98		SetUnhandledExceptionFilter		Status FAILURE
1602142882.98		LdrLoadDll	module_name: "kernel32.dll" basename: "kernel32" module_address: "0x7dd60000" flags: 0 stack_pivoted: 0	Status SUCCESS
1602142882.98	2	LdrGetProcedureAddress	ordinal: 0 function_address: "0x7dd7719c" module_address: "0x7dd60000" module: "kernel32" function_name: "SortGetHandle"	Status SUCCESS
1602142882.98		GetSystemWindowsDirectoryW	dirpath: "C:\Windows"	Return Value 10 Status SUCCESS
1602142882.98		NtCreateFile	create_disposition: 1 file_handle: "0x00000078" filepath: "C:\Windows\Globalization\Sorting\sortdefault.nls" desired_access: "0x80100080" file_attributes: 128 filepath_r: "\??\C:\Windows\Globalization\Sorting\sortdefault.nls" create_options: 96 status_info: 1 share_access: 1	Status SUCCESS
1602142882.98		NtCreateSection	section_handle: "0x0000007c" object_handle: "0x00000000" desired_access: "0x000f0005" protection: 2 section_name: "" file_handle: "0x00000078"	Status SUCCESS
1602142882.98		NtMapViewOfSection	section_handle: "0x0000007c" process_identifier: 5732 commit_size: 0 win32_protect: 2 buffer: "" process_handle: "0xffffffff" allocation_type: 0 section_offset: 0 view_size: 2945024 base_address: "0x007f0000"	Status SUCCESS
1602142882.98	2	NtClose	handle: "0x0000007c"	Status SUCCESS
1602142882.98		RegOpenKeyExW	access: "0x02000000" base_handle: "0x80000001" key_handle: "0x00000000" regkey: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" regkey_r: "Software\Microsoft\Windows\CurrentVersion\Policies\System" options: 0	Return Value 2 Status FAILURE

Showing 1 to 10 of 38 entries