-
C:\Windows\SysWOW64\*.dll
-
C:\Users\*
-
C:\Windows\System32\*.exe
-
C:\Users\user\AppData\Local\Temp\bd356d3d2f1e5504a47d5f6d743411c721e4c8f0.exe
-
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
-
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
-
HKEY_CURRENT_USER\Volatile Environment\USERNAME
-
HKEY_CURRENT_USER\Volatile Environment\USERDOMAIN
-
-
HKEY_CURRENT_USER\Volatile Environment\APPDATA
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
-
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
-
-
kernel32.dll.VirtualAlloc
-
kernel32.dll.LoadLibraryA
-
kernel32.dll.GetProcAddress
-
kernel32.dll.VirtualProtect
-
kernel32.dll.FreeConsole
-
-
kernel32.dll.VirtualQuery
-
advapi32.dll.LookupAccountSidW
-
sechost.dll.LookupAccountSidLocalW
-
advapi32.dll.CreateWellKnownSid
-
rpcrt4.dll.RpcStringBindingComposeW
-
rpcrt4.dll.RpcBindingFromStringBindingW
-
rpcrt4.dll.RpcStringFreeW
-
rpcrt4.dll.RpcBindingSetAuthInfoExW
-
sechost.dll.LookupAccountNameLocalW
-
rpcrt4.dll.NdrClientCall2
-
rpcrt4.dll.RpcBindingFree
-
cryptsp.dll.CryptAcquireContextW
-
cryptsp.dll.CryptCreateHash
-
cryptsp.dll.CryptHashData
-
cryptsp.dll.CryptGetHashParam
-
cryptsp.dll.CryptDestroyHash
-
cryptsp.dll.CryptReleaseContext
-
ntmarta.dll.GetMartaExtensionInterface
-
kernel32.dll.ExitThread
-
kernel32.dll.HeapAlloc
-
kernel32.dll.HeapReAlloc
-
-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
-
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
-
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
-
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
-
-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
-
HKEY_USERS\
-
HKEY_USERS\.DEFAULT
-
HKEY_USERS\.DEFAULT\
-
HKEY_USERS\S-1-5-19
-
HKEY_USERS\S-1-5-19\
-
HKEY_USERS\S-1-5-20
-
HKEY_USERS\S-1-5-20\
-
HKEY_USERS\S-1-5-21-2298303332-66077612-2598613238-1000
-
HKEY_CURRENT_USER\
-
HKEY_CURRENT_USER\Volatile Environment
-
HKEY_CURRENT_USER\Volatile Environment\USERNAME
-
HKEY_CURRENT_USER\Volatile Environment\USERDOMAIN
-
HKEY_CURRENT_USER\Volatile Environment\APPDATA
-
HKEY_LOCAL_MACHINE\
-
HKEY_LOCAL_MACHINE\SOFTWARE
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
-
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
-
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
-
-
{85d3790e-baa9-6105-70b4-1a7e92572918}
-
{14cba3df-b7ed-9d8c-240c-24e533fdfc64}
-
{6336aa74-ae16-e6c8-8cd6-feeacd6e3bd0}
-
{c7281f10-2f87-a74c-2a20-2d64ece47557}
-
{c8f702a8-cbfb-e181-9e75-d06d91540b0a}
-
-
{fbdf3e68-fffd-fe18-477c-a94c1bbf705d}
-
{ddfa361b-ea7b-00c6-de38-67241850096b}
-
{636158df-7139-1d1f-658b-9b41034a6af3}
-
{db38a22b-52ca-7410-1c00-e9039216e7a1}
-
{613dc117-1a7a-c0b3-61ca-5b830604d170}
-
{11e9708b-503e-6213-185e-04ef3b2ab393}
-
{84867105-b595-de4b-b228-235b2e8da285}
-
{c814c39d-f005-bacf-4316-f7e57ac2e31d}
-
{b355d625-3105-6422-c633-2450c2d13662}
-
bd356d3d2f1e5504a47d5f6d743411c721e4c8f0