Action | Path | Val_Name | Val_Data |
---|
added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run | Windows Update System | "C:/Documents and Settings/dmc73144/Application Data/hostsys.exe"
|
added | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List | Windows Update System | "C:/Documents and Settings/dmc73144/Application Data/hostsys.exe"
|
added | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List | Windows Update System | "C:/Documents and Settings/dmc73144/Application Data/hostsys.exe"
|
added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Run | Windows Update System | "C:/Documents and Settings/dmc73144/Application Data/hostsys.exe"
|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 15 A4 98 C5 94 A2 92 2E 3F 96 F3 CE D3 4C 08 A0 AE 43 EA FD DD B6 0A 29 48 4C 5C | C4 F6 CF 29 0C 4A 13 31 70 0F 5A AD 59 2E 1A D3 EB 7B DF C9 85 11 93 F9 C8 E1 E3 |
modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | EventMessageFile | "c | "C:WINDOWSsystem32ESENT.dll" |
modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | CategoryMessageFile | "c | "C:WINDOWSsystem32ESENT.dll" |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000107 | 0x00000108 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | EventMessageFile | "c | "C:WINDOWSsystem32ESENT.dll" |
modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | CategoryMessageFile | "c | "C:WINDOWSsystem32ESENT.dll" |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000107 | 0x00000108 |